Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1449
Views
0
Helpful
3
Replies

Cisco Security Lab Setup

Marius Gunnerud
VIP
VIP

‎09-08-2011 06:33 AM - edited ‎03-09-2019 11:39 PM

I am currently studying for my CCNP Security but will later move on to CCIE. I have the oportunity to get my hands on some very cheap 1841 routers now, but before I go buying stuff I would like to know what would be a good setup for CCNP Security study with the possibility of going to CCIE.

Also I have been eyeing an ASA 5505 Appliance with image ASA5505-BUN-K9, will this be sufficient or should I go for the 5510?

Would appreciate any advice on setting up this lab, preferably not too expensive.

Thanks

--
Please remember to select a correct answer and rate helpful posts
Labels:
0 Helpful
3 Replies 3

NormMuelleman
Level 1
Level 1

‎09-12-2011 01:16 PM

Hello Marius!

I am in the same boat as you. I have been struggling with trying to create a virtual environment within GNS3 software. What a pain THAT has been. I finally got it configured, but SDM's features dont all work. It might be the IOS, just haven't wanted to troubleshoot..need to let myself calm down for a couple days

Anyway, I was looking for purchasing a couple routers for my lab as well. I'm currently deployed overseas, so I've been avoiding it as I really dont have room in my quarters for some routers, etc. I can use them at work at least, so that might be the answer for me. But, in doing research, 1841's are listed at acceptable for use with SDM on Cisco's website here:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html#wp37069

It has to have IOS 12.3(8)T4 or later.

I've been looking at 2610XMs myself...

Hope this helps!

0 Helpful

Marius Gunnerud
VIP
VIP
In response to NormMuelleman

‎09-12-2011 11:09 PM

I have gotten GNS3 working and it was fine when I did Routing and Switching. The problem with GNS3 is that many commands are missing (especially on the switches). I am guessing that it is because a 15 port router is used to simulate a switch.  also am having issues getting ASA to work in GNS3 as I have been unable to "unpack" the IOS image I currently have to retrieve the initrd and kernel.

What I am currently looking at getting is 2 x 1841 routers, 2 x ASA 5510, and 2 x 3560 switches with EMI image.

Any comments about this setup for security study? Pros, cons...etc.

thanks,

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Tim Schneider
Level 1
Level 1

‎09-13-2011 07:16 AM

If you want to test failover you'd need 2 ASA5510.

I wouldn't recommend 5505 since IOS commands differ "greatly" from the ASA5510 ones.

Also don't forget that CCNP Security includes IPS, and the exam is very difficult if you've never worked or trained with the SDM for IPS (it differs from ASDM pretty much).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents