  1. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #1

    My Journey for 642-617: Firewall v1.0 (1 of 4 exams required for CCNP: Security)

    **************************************************
    =====================================
    My Journey for 642-617: Firewall v1.0 (1 of 4 exams required for CCNP: Security)
    =====================================
    **************************************************

    Initial Update:
    Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

    000.00% - Overall Preparation
    =============================
    000.00% - Reading
    000.00% - Labbing
    000.00% - Confidence
    ==============================

    ========================================================================================
    Header Explanations (this will only be done for this initial posting)
    ========================================================================================

    <insertword> Update:
    Which update I'm on. I like to use initial, second, third, etc. Hopefully, I clear the exam before the thirtieth update!

    Certification: <title>
    Title of certification I'm working on

    Overall Preparation:
    Basically, a mathematical average of the numbers of Reading, Labbing, and Confidence.

    Reading:
    Reading will have to come from cisco.com, as I've decided to try this one without buying a book for it. I believe that I posted in another thread that someone should be able to study for a vendor certification test, using the information freely available on the vendor's website. If this is not possible, then either the vendor does not have adequate documentation on their website, or I do not know how to properly study for their exam, from using the freely available materials.

    Labbing (Doing the labs):
    1. Labs will have to come from cisco.com, as I've decided to try this one without buying an actual book, just to see what result I get.
    2. Focusing on exam objectives, not on doing a million different configurations.
    3. Lab EQ: SDM/GNS3/3550 Switches will have to rely on using ASA at work, and the emulated ASA in GNS3.

    Confidence (How confident I am in being able to pass this exam, if I took it today.):
    Not very at this point, LOL. I don't use all the features of an ASA in day-to-day work, we tend to just use them for firewalling, and *rarely* to VPN, as we tend to use Juniper for VPNs.

    =====================================

    Now with that said, what would be my notes for studying for this test?

    1. The official objectives:
    https://learningnetwork.cisco.com/docs/DOC-8974

    2. Looked at the table of contents of this book:
    CCNP Security Firewall 642-617 Quick Reference

    3. Looked at the table of contents of this book:
    CCNP Security FIREWALL 642-617 Official Cert Guide, Rough Cuts

    4. The CLI Guide for ASA
    Cisco ASA 5500 Series Configuration Guide using the CLI, 8.4 [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems

    5. The ASDM Guide for ASA
    Cisco ASA 5500 Series Configuration Guide using ASDM, 6.4 - Cisco Systems

    I may branch out to other links, but these are the main things I am studying from for now.

    I found it particularly interesting that the "quick reference" guide broke out AAA to an entire section, but it wasn't spelled out in the exam syllabus ... needless to say, I'll make sure to review AAA, as well as weigh the rest of those table of contents against the exam objectives, just AAA stuck out like a sore thumb.

    I was going to post a table of links, but according to the exam objectives and the guide table of contents that I saw, about the only thing I didn't see taken from the CLI and ASDM guides was the items about VPN, but even with that said, I'm not going to ignore those, so I'm basically studying from the complete CLI and ASDM guides for the ASA.

    We'll see how this goes.....

  3. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #2
    Good luck! Which asa models do you work with? Are you CCNP:S bound?

  4. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #3
    Quote Originally Posted by Bl8ckr0uter View Post
    Good luck! Which asa models do you work with? Are you CCNP:S bound?
    I don't want to say which models of equipment that I work with (in case there are vulnerabilities), but is 5500 series a good enough answer? (I know, probably not, LOL.) I have one ticket where I'm replacing a PIX with an ASA, but as the PIX was running a later OS, there weren't as many caveats with transferring that configuration as it would be if it was with a wider variance in code revisions.

    I'm not sure if I'm CCNP:S bound, but no harm in becoming more knowledgeable about the equipment that I'm working with

  5. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #4
    I feel that this single exam might be the most applicable to my day-to-day work, of the ones available with this track, as most customer complaints are something to the effect of "hey, application XYZ's not working right, are you guys blocking anything on the firewall?" .... of course everyone blames the firewall first. probably second place would be the VPN exam, as customers like to blame whatever they understand the least

    third would be the test for securing switches and routers, as we don't get to touch that as often, and fourth would be IPS, as I've met only one person who's using Cisco IPS.

  6. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #5
    Second Update:
    Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

    003.33% - Overall Preparation
    =============================
    005.00% - Reading
    005.00% - Labbing
    000.00% - Confidence
    ==============================

    Today's Update:

    I'm closer to my goal, than when I started!

    Reading:
    I've read about the first 100 pages of the ASA CLI guide, and also have been doing hands on for all the commands covered so far.

    I probably won't be able to clear this one in the one month goal I originally set for myself, as my WGU classes just started up, and I want to hit those aggressively, as a priority.

    Labbing:
    As I've finally gotten the emulated ASA somewhat stable, I hope to be able to really get into some labs, coming up.

    Confidence:
    If I took the exam today, no way I deserve to pass, as I've never used a couple of the product features that will be tested on the exam. I hope for that to not be the case, by the time this is all wrapped up.

  7. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #6
    Third Update:
    Certification: 642-617 FIREWALL v1.0 Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)

    004.67% - Overall Preparation
    =============================
    007.00% - Reading
    007.00% - Labbing
    000.00% - Confidence
    ==============================

    Today's Update:

    I'm closer to my goal, than when I started!

    Reading:
    I've read about the first 150 pages of the ASA CLI guide, and also have been doing hands on for all the commands covered so far.

    Labbing:
    Only so far, just what I've covered in the guide. I have ASDM working now, also.

    Confidence:
    If I took the exam today, no way I deserve to pass, as I've never used a couple of the product features that will be tested on the exam. I hope for that to not be the case, by the time this is all wrapped up.
    ======================================

    Also, another thing, just getting the ASA emulated seems to be a piece all onto itself, so this information in this posting will help others.

    I included a screenshot of my current lab setup at the end of this posting. I didn't have a clear idea of what to do, but I figured I could do DMZ's and VPN's with this setup, and use the C2 as a management computer, to do stuff like syslogs with. So far, I've only incorporated C2 and ASA1, but hope to be doing stuff across the entire setup, by the time I'm done. (Maybe the drawing changes by that time, but I figured this setup could address routing requirements, firewall, etc. not sure how much of the SSM's I can do with this one, but I guess I'll find out when it gets to that point.)

    ==================================================================
    I didn't just come up with this on my own, I used lots of tips from others on the interwebs, to come up with something that worked consistently for me.

    I originally posted on this here:
    http://www.techexams.net/forums/ccsp...tml#post552337
    But ... decided to just stick it in this thread, as it would probably be a topic of inquiry for someone pursuing the Firewall examination.

    Sources:

    Saving ASA Config in GNS3 - Cozzi's
    Cozzi's - Cisco Knowledge Sharing Blog
    Cisco CCNA TOOLS

    How to add asa in gns3 and run asdm - Part 1 - YouTube
    ^^^ all three videos of that series


    =========================

    How to get the ASA running
    ===========================


    1. Cozzi's - Cisco Knowledge Sharing Blog > Free Tools
    download: cisco asa 8 initrd.gz
    download: cisco asa8 kernel
    2. launch gns3 > edit > preferences > Qemu > ASA
    initrd: specify the file you downloaded earlier
    kernel: specify the other file you downloaded
    make sure to give it a name
    then, you can save, apply, and ok
    3. in GNS3, bring the firewall over
    start it
    minimize the window that comes up
    4. open the ASA console
    wait for one minute (it is loading up)
    5. after waiting one minute, enter this command:
    cd /mnt/disk0
    /mnt/disk0/lina_monitor


    ================================================================

    Formatting the Flash (for when saving fails)
    =======================

    1. enter this command from enable mode:

    format flash:

    2. restart the ASA
    in GNS3 right click on the ASA Icon – “stop”
    give it a few seconds then select “start”

    3. open your ASA console
    if asked run the command
    cd /mnt/disk0
    /mnt/disk0/lina_monitor

    4. now try dir again … note the 0 bytes has gone :O)

    5. You can now save your configs !!

    (follow steps below, on how to do that, I just keep it in notepad, and just paste in when I need it)

    ========================================================
    Saving ASA Configuration
    ========================

    copy /noconfirm running-config disk0:/.private/running-config
    copy /noconfirm disk0:/.private/running-config disk0:/.private/startup-config
    configure terminal
    boot config disk0:/.private/startup-config
    exit
    ==============================
    INTERFACES PINGABLE?
    ======================

    In all the net demos I saw, the ASA was separated by a switch, so I did this, for all of mine. Whether or not this is required, I am not sure, as I have not verified.

    Let me test right quick ...

    Ok, if you try to connect directly, you get this error:

    "Device does not support this type of NIO. Use an ETHSW to bridge the connection to the NIO instead."

    So, definitely, you need to use the switches between your ASA's, and they work just fine.

    So, that explains that. It works fine. I even TFTP'ed through the thing, as well as run asdm.

    Guess next would be the instructions on using ASDM.

    ====================================
    ASDM CONFIGURATION
    ===========================
    java version used: 1.42_05
    OS used: XP Pro SP3 (this is actually running inside a Windows Virtual PC)
    web browser used: IE 8

    1. Download asdm.bin file - Cisco Systems, Inc > support > downloads > ASA 5500 > Cisco ASA 55XX Adaptive Security Appliance (choose whichever one you have .... login and support contract restricted download)
    2. Download TFTP server - TFTP server
    3. Install TFTP server
    4. Start TFTP server
    5. Configure TFTP server to point to your asdm bin file
    6. Verify ping between ASA and the TFTP server
    ===
    7. set up ASA for https access
    config t
    http server enable
    http 10.10.10.10 255.255.255.255 dmz
    username instant password techeXams privilege 15

    ^^^ Note: this assumes that your workstation that you are going to connect to the ASDM with is running IP address 10.10.10.10
    =========
    8. copy the asdm bin file to your ASA using tftp
    copy tftp://10.10.10.10/asdm-699.bin flash:

    ^^^ Note: this assumes that your asdm filename is asdm-699.bin (it should differ)

    9. set up file you just uploaded to your ASA as the ASDM image
    config t
    asdm image flash:asdm-699.bin

    10. Connect to your ASA via https
    https://<ASA IP ADDRESS>

    11. Install ASDM Launcher and Run ASDM

    12. Plug in your ASA's IP address (the one you could ping earlier) and login with the credentials you configured earlier, and you should be good to go!

    Have at it!


    Reply With Quote Quote  
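
An added example, not part of the original post: a small audit of the management-access lines from step 7 of the ASDM walkthrough above. It checks that each `http <network> <mask> <interface>` statement is scoped to a single host, as the post's own line is. The function names, `max_sources` and the looser sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config: the post's step-7 lines plus two deliberately
# loose "http" statements added here so the audit has something to flag.
SAMPLE_CONFIG = """\
hostname ASA1
http server enable
http 10.10.10.10 255.255.255.255 dmz
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
username instant password techeXams privilege 15
"""

# The post's own step-7 configuration, unchanged.
POST_CONFIG = """\
http server enable
http 10.10.10.10 255.255.255.255 dmz
username instant password techeXams privilege 15
"""

HTTP_RULE = re.compile(r"^http\s+(\S+)\s+(\S+)\s+(\S+)$")
USER_RULE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)\b")


def parse_management_access(config_text):
    """Pull the ASDM/HTTPS management settings out of ASA config text."""
    result = {"server_enabled": False, "rules": [], "admins": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        # "http server enable" may carry an optional port argument.
        if line.split()[:3] == ["http", "server", "enable"]:
            result["server_enabled"] = True
            continue
        rule = HTTP_RULE.match(line)
        if rule:
            try:
                net = ipaddress.ip_network(
                    f"{rule.group(1)}/{rule.group(2)}", strict=False
                )
            except ValueError:
                # Another three-token http subcommand, not a network/mask pair.
                continue
            result["rules"].append((rule.group(3), net))
            continue
        user = USER_RULE.match(line)
        if user and int(user.group(2)) == 15:
            result["admins"].append(user.group(1))
    return result


def audit_management_access(config_text, max_sources=1):
    """Return (interface, detail, source_count) for each finding.

    A rule is flagged when it permits more than max_sources source addresses.
    """
    parsed = parse_management_access(config_text)
    findings = []
    if parsed["rules"] and not parsed["server_enabled"]:
        findings.append(("(global)", "http rules present but server not enabled", 0))
    for interface, net in parsed["rules"]:
        if net.num_addresses > max_sources:
            findings.append((interface, str(net), net.num_addresses))
    return findings


if __name__ == "__main__":
    for interface, detail, count in audit_management_access(SAMPLE_CONFIG):
        print(f"{interface}: {detail} ({count} source addresses)")
```
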

  8. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #7
    Fourth Update:

    1. I am downgrading the guides I am reading on Cisco's site to version 8.2 per some good information I gathered from comments on this site, and at the Cisco exam objectives page. (This saves about 400 or 500 pages of reading, as there's that much difference in content from the 8.2 to 8.4 guides).

    2. I found this book is available at WGU, through Books 24 x 7, so I can use this to study for my exam, yes!

    Amazon.com: Cisco ASA Configuration (Networking Professional's Library) (9780071622691): Richard Deal: Books

  9. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #8

    Fifth Update:

    In this post, I decided to do a breakdown of the exam topics, versus items I could read through and study from the configuration guides and/or articles available on cisco.com. Then, I can use this as a "checklist" to make sure that I've studied everything that I need to cover, prior to sitting the exam. Since I didn't have an official text, this will serve as my "compass" as I study.

    TIP: I like to put "dates" alongside what I study. This helps me to get into a study mode on a daily basis. I realize that by covering the entire 8.2 guide, I'll probably study more than someone would if they went to the Firewall Course ... but as I work with ASAs on a daily basis, I'd want to know more about them than someone who just went to a class for a week.

    This can hopefully be used as a study template by others. I would hope that you gave original credit to me, but I'm not going to sue you over it, UNLESS you figure out a way to make money from it

    ===============================================

    My Breakdown of Exam Topics (compare to the 8.2 configuration guide, since the test is on 8.2, no need to read the 8.4 guide, especially when the 8.4 guide has about 400 or 500 more pages, AND has the new style of NAT, which wouldn't be covered, so I'd hurt myself with that one, while I still need it for work, not for this exam).

    I. Pre-Production Design

    A. ___ Choose ASA Perimeter Security technologies/features to implement HLD based on given security requirements
    ^^^ This is about knowing everything an ASA is capable of, and designing your security perimeter based upon the appropriate technology. I imagine that questions from this topic would be about being given a set of things you'd want your network to be protected from, and being able to choose the appropriate ASA technology for the situation. In order to do that, you're going to have to understand all of the ASA capabilities. (to me, this means a general understanding of the Cisco Security Design, as well as knowing what features the ASA has, and what they do.)
    What to read: Security Design Guides

    B. ____ Choose the correct ASA model to implement HLD based on given performance requirements
    ^^^ This is about knowing what the performance capabilities of the different ASA models out there are. Some can give you more or less VPNs, contexts, etc. The best resource for this is going to be memorizing the model feature comparisons. (see II-A. 1, Licensing, for another thing to just memorize)
    What to memorize: Model Comparison Sheets

    C. ______ Create and test initial ASA appliance configurations using CLI
    ^^^ This is about things like IP addressing, naming interfaces, security levels, hostname, domain name, and setting up for https access, so you can manage the appliance via ASDM
    What to do: IP address, naming interfaces, security levels, host name, domain name, set up ASDM access, setting up basic local/AAA authentication, setting time, and logging. What files are required to boot the device, as well as run ASDM? How do I save the configuration (don't want to lose all your hard work).
    what to know: device setup

    II. Complex Operations Support

    Note to self: memorize licensing, understand and configure everything else

    A. ___ Optimize ASA Perimeter Security features performance, functions, and configurations
    ^^^ Not quite sure what this one means at this time, to be honest. I'll have to read and look for text such as "Cisco recommends". Just including some topics below that would HAVE to be covered, that I can't find elsewhere in the syllabus, that appear to be in this area.
    ___ 1. Managing Feature Licenses
    ___ 2. Configuring the Transparent or Routed Firewall
    ___ 3. Managing Multiple Context Mode
    ___ 4. Configuring DHCP and DDNS
    ___ 5. Modular Policy Framework

    B. ___ Create complex ASA security perimeter policies such as ACLs, NAT/PAT, L3/L4/L7 stateful inspections, QoS policies, cut-thru proxy, threat detection, botnet detection/filter using CLI and/or ASDM
    ___ 1. ACLs
    ___ a. Extended
    ___ b. EtherType
    ___ c. Standard
    ___ d. Webtype
    ___ e. IPv6
    ___ f. Object Groups
    ___ g. Logging ACLs

    ___ 2. NAT/PAT
    ___ a. NAT Control
    ___ b. Dynamic NAT and PAT
    ___ c. Static NAT
    ___ d. Static PAT
    ___ e. Bypassing NAT

    ___ 3. L3/L4/L7 stateful inspections
    ___ a. Configuring Inspection of Basic Internet Protocols
    ___ b. Configuring Inspection of Voice and Video Protocols
    ___ c. Configuring Inspection of Database and Directory Protocols
    ___ d. Configuring Inspection of Management Application Protocols

    ___ 4. QoS policies
    ___ 5. cut-thru proxy
    ___ 6. threat detection
    ___ 7. botnet detection/filter
    ___ 8. TCP State Bypass
    ___ 9. TCP Normalization
    ___ 10. Web Cache Services Using WCCP
    ___ 11. Preventing Network Attacks

    C. ___ Perform initial setup on the AIP-SSM and CSC-SSM using CLI and/or ASDM
    ___ 1. AIP-SSM
    ___ 2. CSC-SSM

    D. ___ Configure, verify and troubleshoot High Availability ASAs (A/S and A/A FO) operations using CLI and/or ASDM
    ___ 1. Active/Standby
    ___ 2. Active/Active
    ___ 3. Considerations for failover when using single/multiple contexts

    E. ___ Configure, verify and troubleshoot static routing and dynamic routing protocols on the ASA using CLI and/or ASDM
    ___ 1. static routing
    ___ 2. default routing
    ___ 3. RIP
    ___ 4. EIGRP
    ___ 5. OSPF
    ___ 6. Multicast
    ___ 7. IPv6 Neighbor Discovery

    F. ___ Configure, verify and troubleshoot ASA transparent firewall operations using CLI

    G. ___ Configure, verify and troubleshoot management access/protocols on the ASA using CLI and/or ASDM
    ___ 1. management interface (or was this covered in initial configuration?)
    ___ 2. Permitting or Denying Network Access
    ___ 3. Configuring AAA Servers and the Local Database
    ___ 4. Configuring Management Access
    ___ 5. Configuring AAA for Network Access
    ___ 6. Configuring Filtering Services
    ___ 7. How to avoid locking yourself out of the firewall (this just seems obvious to add somewhere)
    ___ 8. password recovery (would seem to be an important part of management access)
    ___ 9. Loggings
    ___ 10. NSEL
    ___ 11. SNMP
    ___ 12. Smart Call Home

    III. Describe Advanced Troubleshooting

    A. _____ Advanced ASA security perimeter configuraiton/software/hardware troubleshooting using CLI and/or ASD fault finding and repairing
    ______ 1. Managing Software and Configurations
    ______ 2. Troubleshooting

    B. ___ Additional Reading: (just some stuff that makes sense for me to read)
    ____ 1. Cisco article on troubleshooting connectivity through ASA/PIX
    ____ 2. packet tracer articles
    ____ 3. Glossary terms (I actually prefer to start here, it makes everything else in the guide easier to read)
    ____ 4. cisco.com (exam objectives) - right below the exam objectives, a poster makes remarks about exam content. (apparently, this post is legal, as another post right beside it was moderated) several posts clue you in to what ASA version is tested on the test, and this is also not moderated. Before, I was ignoring the posts down there, as most of them were just complaints, but knowing which ASA version to test on is important, considering the vast difference between the natting setups in 8.2 and 8.3.
    _____ 5. Richard Deal's book: Cisco ASA Firewalls (available thru WGU, on books 24x7... (also noticed they appear to have the new CCNP series of books available there, too, so this is another incentive, if you're a WGU student! ... yes, I'm plugging my U!)
    _____ 6. VPN items in the config guide. Though not listed in any objectives, considering there is an entirely separate "VPN" test, I do not want to take a chance at going into the test "unaware". There's a complete section of the config guide on VPN, and I will at least read over it, so I don't walk into the test blind-sided.
    ================================================
    Compared vs. the Cisco Exam Topics for 642-617:


    Pre-Production Design

    Choose ASA Perimeter Security technologies/features to implement HLD based on given security requirements
    Choose the correct ASA model to implement HLD based on given performance requirements
    Create and test initial ASA appliance configurations using CLI
    Determine which ASA licenses will be required based on given requirements

    Complex Operations Support

    Optimize ASA Perimeter Security features performance, functions, and configurations
    Create complex ASA security perimeter policies such as ACLs, NAT/PAT, L3/L4/L7 stateful inspections, QoS policies, cut-thru proxy, threat detection, botnet detection/filter using CLI and/or ASDM
    Perform initial setup on the AIP-SSM and CSC-SSM using CLI and/or ASDM
    Configure, verify and troubleshoot High Availability ASAs (A/S and A/A FO) operations using CLI and/or ASDM
    Configure, verify and troubleshoot static routing and dynamic routing protocols on the ASA using CLI and/or ASDM
    Configure, verify and troubleshoot ASA transparent firewall operations using CLI
    Configure, verify and troubleshoot management access/protocols on the ASA using CLI and/or ASDM

    Describe Advanced Troubleshooting

    Advanced ASA security perimeter configuraiton/software/hardware troubleshooting using CLI and/or ASD fault finding and repairing

    ^^^Note: Typos are in the actual topics at cisco.com
    (available at cisco.com)
    ======================================================
    Compared vs. 642-617 Official Cert Guide Table of Contents:

    1. Cisco ASA Overview
    2. Working with an ASA
    3. Deploying Basic Connectivity
    4. Deploying IP Connectivity
    5. Managing an ASA
    6. Recording ASA Activity
    7. Using Address Translation
    8. Controlling Access through the ASA
    9. Inspecting Traffic with the ASA
    10. Using Proxy Services to Control Access
    11. Controlling Quality of Service
    12. Creating Virtual Firewalls with the ASA
    13. Deploying High Availability Features
    14. Integrating ASA Service Modules

    (available at ciscopress.com)
    ================================================================

    Compared vs. the CCNP Security Firewall 642-617 Quick Reference:

    Cisco Firewall and ASA Technology
    Basic Connectivity and Device Management
    ASA Access Control
    ASA Network Integration
    AAA Configuration on the Cisco ASA
    ASA High Availability

    (available at ciscopress.com)
    ============================================================

    Compared vs. the Cisco ASA Firewall Course:

    Course Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    Evaluate the basic technology, features, and hardware models of the Cisco ASA adaptive security appliance product line.
    Implement and maintain basic Cisco ASA adaptive security appliance connectivity and device management plane features.
    Implement and maintain data plane access control features of the Cisco ASA adaptive security appliance product family.
    Implement and maintain Cisco ASA adaptive security appliance features that integrate it with the local and global routing and switching infrastructure.
    Implement and maintain Cisco ASA adaptive security appliance virtualization and high availability features.
    Evaluate Cisco ASA adaptive security appliance SSM modules, their major features, and integrate them with the Cisco ASA adaptive security appliance.

    Course Outline

    Introduction to the Cisco ASA Adaptive Security Appliance
    Implementation of Basic Connectivity and Device Management
    Deployment of Cisco ASA Adaptive Security Appliance Access Control Features
    Deployment of Cisco ASA Adaptive Security Appliance Network Integration Features
    Deployment of Cisco ASA Adaptive Security Appliance Virtualization and High-Availability Features
    Integration of Cisco ASA Adaptive Security Appliance Security Service Modules
    Appendix A: Configuring Routing on the Cisco ASA Adaptive Security Appliance
    Appendix B: Lab (Optional): Configuring Dynamic Routing

    (available at cisco.com)
    ==============================
    Last edited by instant000; 08-10-2011 at 12:58 PM.

  10. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #9
    I talked to a TAC engineer, a 5505 ASA should be able to do everything for this exam (from what he said).

  11. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #10
    Quote Originally Posted by Bl8ckr0uter View Post
    I talked to a TAC engineer, a 5505 ASA should be able to do everything for this exam (from what he said).

    Thanks for the advice.

    One day, I hope to return the favor.

    Yes, those ASA are less than $300 (including shipping) on some of the Buy it now, so at this point, the question becomes (how bad do you want it?).

    .... And then I also wonder about ... how will I ever be able to afford an IPS? But maybe I'll just leave that hurdle for when I come to it. I only know one person in this area that has physical Cisco IPS.

    That may be one of those "remote labs" type of things, as the cost per hour used won't be justified with the IPS product purchase, and remote lab time would probably make more sense. Since I can use the ASA for both the Firewall and VPN test (and is also something I support at work) it makes more sense to "own" this device, as the cost per hour used would be a lot less.

  12. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #11
    Quote Originally Posted by instant000 View Post
    Thanks for the advice.

    One day, I hope to return the favor.

    Yes, those ASA are less than $300 (including shipping) on some of the Buy it now, so at this point, the question becomes (how bad do you want it?).

    .... And then I also wonder about ... how will I ever be able to afford an IPS? But maybe I'll just leave that hurdle for when I come to it. I only know one person in this area that has physical Cisco IPS.

    That may be one of those "remote labs" type of things, as the cost per hour used won't be justified with the IPS product purchase, and remote lab time would probably make more sense. Since I can use the ASA for both the Firewall and VPN test (and is also something I support at work) it makes more sense to "own" this device, as the cost per hour used would be a lot less.
    No problem.

    You can run the IDS in GNS3. Those IPS 4200s are way too expensive. I might be looking at Firewall before Secure due to a job responsibility change. Jimmy put this link up in his CCIE thread:
    http://www.gigavelocity.com/rack-3-i...-759_8141.html

    I checked them out. They seem to have great rates and they also have a full CCIE lab, which should be enough for the CCNP:S

    I also did some more checking on the 8.X version. I still can't figure out which one they are testing off of. I have the "ASA Bible" (which covers 8.3). 8.4 is out and 8.5 is on its way. I wonder which one they are testing off of. I might just have to wing it and do a little studying of a few versions. Now that I've looked at it, I think the only major changes involve nat and such.
    Last edited by Bl8ckr0uter; 08-13-2011 at 10:00 PM.

  13. lrb
    Senior Member
    Join Date
    Aug 2010
    Location
    Australia
    Posts
    522

    Certifications
    CCIEx2 #45527 (RS,SP)
    #12
    The FIREWALL exam quick reference guide is available which seems pretty good looking at the one on mysafari. I can definitely vouch for these quick reference guides, if nothing more than to help direct your study a little.

  14. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #13
    Quote Originally Posted by Bl8ckr0uter View Post
    No problem.

    You can run the IDS in GNS3. Those IPS 4200s are way too expensive. I might be looking at Firewall before Secure due to a job responsibility change. Jimmy put this link up in his CCIE thread:
    http://www.gigavelocity.com/rack-3-i...-759_8141.html

    I checked them out. They seem to have great rates and they also have a full CCIE lab, which should be enough for the CCNP:S

    I also did some more checking on the 8.X version. I still can't figure out which one they are testing off of. I have the "ASA Bible" (which covers 8.3). 8.4 is out and 8.5 is on its way. I wonder which one they are testing off of. I might just have to wing it and do a little studying of a few versions. Now that I've looked at it, I think the only major changes involve nat and such.
    Yes, I saw a guy was running the IPS emulated also. I'll look at that one when I get to it. I'm still going to lab with virtual ASA, unless I have to use physical.

    According to the posts I see about the test at cisco.com, they test on version 8.2.

  15. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #14
    Quote Originally Posted by lrb View Post
    The FIREWALL exam quick reference guide is available, which seems pretty good looking at the one on mysafari. I can definitely vouch for these quick reference guides, if nothing more than to help direct your study a little.
    Thanks.

    I've been considering getting a book, but I think it'll be more challenging this way.

    Of course, if I fail the test, I will break down and get the book. I'm just experimenting to see whether or not buying a book is necessary to pass a Cisco exam, if you properly cover the objectives.

    My biggest complaint is that the exam objectives are VAGUE.

  16. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #15
    Also, I decided to slow down on studying for any certification tests until after I've cleared all of my certification tests for my Master's at WGU. Studying for two certs at once doesn't feel too fun, and I have two classes + CEH to look at right now, so I'll just do those.

    ... Not killing this thread, just may not update it that often, until I get all of the degree-required certs out of the way.

  17. lrb
    Senior Member
    Join Date
    Aug 2010
    Location
    Australia
    Posts
    522

    Certifications
    CCIEx2 #45527 (RS,SP)
    #16
    Quote Originally Posted by instant000 View Post
    My biggest complaint is that the exam objectives are VAGUE.
    What are you talking about? This seems pretty specific to me:

    "Create and test initial ASA appliance configurations using CLI "


  18. Senior Member alan2308's Avatar
    Join Date
    Apr 2010
    Location
    Ann Arbor, MI
    Posts
    1,809

    Certifications
    CCNA, CCNA Sec, MCSA 2008, MCSA 2012, CISSP
    #17
    Quote Originally Posted by instant000 View Post
    Also, I decided to slow down on studying for any certification tests until after I've cleared all of my certification tests for my Master's at WGU. Studying for two certs at once doesn't feel too fun, and I have two classes + CEH to look at right now, so I'll just do those.

    ... Not killing this thread, just may not update it that often, until I get all of the degree-required certs out of the way.
    The CEH section could use the activity.

  19. Member
    Join Date
    Apr 2011
    Posts
    78

    Certifications
    CCNA, CCNA:S/CNSS4011, BCNE, Cisco ASA Specialist
    #18
    Thanks for the ASA guide in GNS3! I've tried it a few times, but I am never able to get the logging to work properly. Have you been using the logging or are you using it just for configuration?

  20. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #19
    Quote Originally Posted by lrb View Post
    What are you talking about? This seems pretty specific to me:

    "Create and test initial ASA appliance configurations using CLI "

    They're basically saying that if you want to optimize your study time, you better buy a book. I know I'm trying to go without getting a book for this one (as it is just a personal thing I want to attempt), but I'll probably end up getting a book for the others, as it would speed up the study time.

  21. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #20
    Quote Originally Posted by Maced129 View Post
    Thanks for the ASA guide in GNS3! I've tried it a few times, but I am never able to get the logging to work properly. Have you been using the logging or are you using it just for configuration?
    I looked at the logging tab in the ASDM, and it looked like a bunch of gibberish traffic! Guess you can't emulate everything!

  22. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #21
    I've decided to buy the rough cuts. My apologies, but I felt totally misguided in my preparations, and I felt that I was wasting my time, reading all sorts of guides, on stuff that won't help me at my job, or on the certification exam.

  23. Senior Member
    Join Date
    Apr 2009
    Posts
    5,015
    #22
    I found a good video on the "new" way to NAT.

    Hope it helps someone:


    Cisco ASA Version 8.3 Network Address Translation (NAT) - YouTube!

  24. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #23
    Quote Originally Posted by Bl8ckr0uter View Post
    I found a good video on the "new" way to NAT.

    Hope it helps someone:


    Cisco ASA Version 8.3 Network Address Translation (NAT) - YouTube!
    Hah.

    We have some devices running 8.3, and some running earlier versions. Have to be extra careful in building configs now .... just hope I can convince them to get everything running the same version.

  25. Member
    Join Date
    Apr 2011
    Posts
    78

    Certifications
    CCNA, CCNA:S/CNSS4011, BCNE, Cisco ASA Specialist
    #24
    How is the journey going?

  26. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #25
    Quote Originally Posted by Maced129 View Post
    How is the journey going?
    Hahahhaa, LOL. I decided to re-focus my energies on my Master's degree. I figure that I might pick back up on studying this, once I hit a strong groove with my WGU studies.
