Hi Guys,

I'm about to start studying for the CCNP Security Firewall exam, I'm just waiting on the Cisco Press book to come through. I also plan on purchasing the CBT nuggets for the FIREWALL exam.

I'd just like to know from other people's experiences what they did for labs. ASAs cost in excess of £1,000 here (even used ones). I'm probably going to attempt to set an ASA up in GNS3 but from what I've heard, it seems pretty flakey. Can anyone point me in the right direction for GNS3+ASA?

In general I'd just like to hear about other peoples experiences with this exam.

Cheers!

the GNS ASA emulation runs at most 8.0x something, you'll need at least 8.4 for the exam. I've been looking at a basic ASA 5505, here in US ~$250 on Ebay. I'm only seeing the 642-617 videos on cbt nuggets, I wouldn't go for that at full price - exam is retired although changes are minimal, but changes in NAT between the old exam and new exam is quite important to know both ways. For the labs, I have downloaded the 8.2 cli configuration guide from Cisco, there are some good configuration examples which I think would make good labs, i've finished reading this, less the VPN stuff, also downloaded the 8.4 cli configuation guide, using that to brush up on the NAT and ACL changes. also just started reading the CP 642-618 exam guide. stupid dog chewed up and ripped off half the binding on the book, pissed me off to no end, brand new 70 dollar book, grrrrr. i digress.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Running 8.4 code in GNS3 right now - very nice - just make sure you have enough memory or your system or the ASA will crash.

That sucks dude!! This is a good reason for going with ebooks/PDFs

_________________
http://blog.movingonesandzeros.net/

humm, stupid web site says "up to version 8.0(2)."
i'll have to get it up and running. saved me $$$ thanks.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Yeah its pretty nice - running ACS 5.3 in a VM then separate networks inside GNS3 with the ASA - all devices running auth through ACS, and running Anyconnect SSL VPN on the ASA with auth to the ACS.

It's pretty easy to do, there's a number of blogs where people have uploaded all the files (except the actually image), I got mine up and running in less than 10 mins...


Sent from my iPhone using Tapatalk

I got it all working. For some reason the putty console wouldnt load and then GNS3 just kept crashing, all sorted now though.

Does anybody have an activation key for the failover feature, for use in GNS3.

another good resource is to download and install the ASDM demo from Cisco,
I did this last night, and it's pretty cool, there like 6 or 8 sample configurations
that can be loaded.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Anyone seeing a high util on the cpu-core that qemu vm is running on?

Tried 'cpulimit' (linux) but it pushes qemu/asa into the background.
Shows as a stoped job. I tried: fg , fg 1 , fg %1 and nothing brings it back.

I was found just one lab in dump ? is it only one lab sim question ? thanks

That's cheating, as well as breaking nda


Sent on the move...

_________________
www.mellowd.co.uk/ccie/

I would like to study for this exam but am pretty confused as to how to obtain all the material, and what material I would need to learn and pass the exam.

1. How do I get a copy of the Cisco ios and ASDM and at what vesions?
2. Do I need to purchase a actual ASA firewall or is there a simulator I can download somewhere?
3. Where can I find actual lab exercises that I can use in configuring the firewall?

It's no use to me in a sense to purchase over $1100 to watch cbt nugget video (and thats just for the first part of the exam, not the second 642-648 VPN training), while I'm not putting it into practice in a lab.

What did you guys use? What do you recommend? I see some people using GN3 but I would need an actualy copy of the Cisco ios which I dont have. Shame on Cisco for not offering free ios for training purposes only. Seems like just to get the training setup they make you woprk for it. I've spent a full day on the net researching for materials and have ended up more confused than when I started. It's not a difficult concept for a company to offer the training material (videos, books, ios, etc) in order to pass the exam, especially if you are willing to pay. Instead it seems that you have to dig around for pieces here and there and mix them all together just to get started.

Where can I start? Where should I start?
Thanks everyone!

Use 642-618 OCG
download the ASDM Demo from the Cisco site
there are many many ASDM examples in the OCG of what you should learn how to do,

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

Thanks, any suggestions on the cli?
What did you use to study and prepare?
Thanks!

You didn't look very hard did you..... took me 10 minutes to find a blog that had the right files attached. No I can't help you out any more.

Alternatively, how about trying to get hold of someone with a valid CCO to help out? (e.g. work?).
You do realise don't you even if you legitimately obtain an ASA OS image you'll need to run it through some linux scripts to produce something usable by Qemu.

And re: real hardware, guess what, it may involve a cost. An ASA5505 can be had second hand for around 400AUD (which is around the same USD). Not cheap but not exactly outrageous either.
I'm sorry you're confused after researching the internet, but if this stuff was easy then anybody could walk in off the street and do it.

I would suggest paying for an actual hands on real teacher CCNA and then going from there. (not sure if you're already done but I'm assuming not as its not on your sig? - you do know you need to do a CCNA R&S then CCNA Security as a prerequisite before any CCNP Sec material like FIREWALL?)