Solved: CCNP Security Lab

navneethjayaram · ‎08-21-2016

Hello all,

Could anyone please recommend the best way to practice labs for CCNA & CCNP Security. GNS Qemu or ASAv in Unetlabs or Viral?.

I know for the most of the CCNA security labs GNS3 will do the trick, but what about CCNP sec? any recommendation other than physical hardware.

Please shed some light.

Thank you

Nav Jayaram

Karsten Iwen · ‎08-21-2016

For CCNP Security it depends on which Exam you are studying for:

SENSS:
You need IOS routers, IOS switches und ASA Firewalls. All can be simulated with VIRL.
SIMOS:
You need IOS routers with actual IOS and ASAs. Both are available in VIRL.
SISAS: You need an ISE, IOS switches and ideally an ASA. The ISE is available as virtual appliance with an evaluation license.
SITCS: This one is the hardest to get: The actual course-version is quite outdated, many people expect that the training will be updated with actual technology in the near future. You need an ESA and a WSA which are available as virtual appliances with evaluation licenses, Cloud Web Security (CWA) should also be available as an evaluation. If you do this Exam last you will probably also need FirePOWER IPS and/or ASA with FirePOWER (the actual version includes ASA CX). The FirePOWER IPS is available as an virtual appliance, same for the FirePOWER Management server. Perhaps it makes sense to get one piece of hardware here, the ASA 5506-X with FirePOWER.

If you have budget for a Cisco training, I would attend at least the SITCS as these topics are the hardest to build a lab for and these topics are often the ones that the average CCNP Security student is not familiar with.

View solution in original post

Karsten Iwen · ‎08-21-2016

For CCNP Security it depends on which Exam you are studying for:

SENSS:
You need IOS routers, IOS switches und ASA Firewalls. All can be simulated with VIRL.
SIMOS:
You need IOS routers with actual IOS and ASAs. Both are available in VIRL.
SISAS: You need an ISE, IOS switches and ideally an ASA. The ISE is available as virtual appliance with an evaluation license.
SITCS: This one is the hardest to get: The actual course-version is quite outdated, many people expect that the training will be updated with actual technology in the near future. You need an ESA and a WSA which are available as virtual appliances with evaluation licenses, Cloud Web Security (CWA) should also be available as an evaluation. If you do this Exam last you will probably also need FirePOWER IPS and/or ASA with FirePOWER (the actual version includes ASA CX). The FirePOWER IPS is available as an virtual appliance, same for the FirePOWER Management server. Perhaps it makes sense to get one piece of hardware here, the ASA 5506-X with FirePOWER.

If you have budget for a Cisco training, I would attend at least the SITCS as these topics are the hardest to build a lab for and these topics are often the ones that the average CCNP Security student is not familiar with.

Marvin Rhoads · ‎08-21-2016

Nice summary Karsten.

I would add that The Cisco Learning Network Premium subscription is also a good source for CCNP Security training materials. It helped me in my CCNP Security studies. Hands on helps but a lot of the CCNP security can be learned via reading and videos.

https://learningnetwork.cisco.com/community/certifications/ccnpsecurity

There is also a Cisco Press book for SISAS now (though you won't likely see any of the others come out)

http://www.ciscopress.com/store/ccnp-security-sisas-300-208-official-cert-guide-9781587144264

See also LabMinutes.com and CBTnuggets for great resources.

navneethjayaram · ‎08-23-2016

thank you very much for the advise.

Marvin Rhoads · ‎08-23-2016

You're welcome. Please rate helpful answers and mark your question as answered. It helps the forum.

navneethjayaram · ‎08-23-2016

thank you very much for the advise.