Looking for Lab enviroment recommendations

pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
I'm currently preparing for the CCNA Security exam and would like to know what should be considered a good low-cost lab environment sufficient enough to pass the exam. Also looking for geeks that had passed the exam to give me some info that will be useful for me to pass it. I will take all the help I can get icon_cheers.gif

Comments

  • alan2308alan2308 Senior Member Ann Arbor, MIPosts: 1,854Member ■■■■■■■■□□
    I got through the CCNA Security with GNS3. The IOU images (L2 and L3) and the ASAv are more than adequate for that cert.

    Do you have any gear on hand already?
  • JD20JD20 Posts: 60Member ■■■□□□□□□□
    I bought an old ASA 5505 on Ebay. I liked having a physical piece of gear I could play with. Good luck man!
    Certs: CCNA: R&S, CCNA: Sec, CCDA, MCSA: Server 2012, Security+, Cloud Essentials, Project+, A+
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    JD20 said:
    I bought an old ASA 5505 on Ebay. I liked having a physical piece of gear I could play with. Good luck man!
    Yes I'm thinking in doing this to have more hand-on experience, they are around $100 right?
  • AvgITGeekAvgITGeek Senior Member Posts: 259Member ■■■■□□□□□□
    edited November 2018
    You'll run into the same challenges you do with other Cisco equipment. The SN needs to match up with a valid service agreement to get any software upgrades. You might miss out on recent ASDM and ios but it should work provided you don't need failover. You should probably look into upgrading the RAM on it. I was able to max mine out under $100 (I can't remember what the max level is at the moment, maybe 512MB? I don't have it powered on. Sorry :( )
  • clarsonclarson Posts: 885Member ■■■■□□□□□□
    I think you will need a least version 9.x for the asa software and 7.3 for the asdm software.  and it will only work with certain computer operating systems with certain versions of java installed.

    to run version 9.x of the asa software you will have to have at least 512mb of ram installed.  it might run also with 1g stick installed.  there is only one memory slot, but your testing my memory.  and there is a limit on how big you can go.  as in for the 5505, a 2 gb stick might not boot up.
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    AvgITGeek said:
    You'll run into the same challenges you do with other Cisco equipment. The SN needs to match up with a valid service agreement to get any software upgrades. You might miss out on recent ASDM and ios but it should work provided you don't need failover.
    Any specific i should look on the licensing when making the purchase?
  • MitMMitM Posts: 568Member ■■■■□□□□□□
    I'd probably purchase VIRL and use the IOSv and ASAv images instead of buying an older 5505.  

    If you want physical gear, I'd go with a 5506-X instead
  • clarsonclarson Posts: 885Member ■■■■□□□□□□
    There are two main licenses for the 5505.  the standard license which is going to be enough for the ccna:security.  You just need to have recent enough software to be studying what your going to be seeing on the test.

    then there is the security plus license.  more or less doubles the capacity and users.  and gives you a few extra features like a dmz and active/passive failover.

    then there are a lot of niche licenses to enable other features that your not going to get tested on.

    there are a lot of ebay sellers that will say "it was removed from a working environment".   which isn't so bad.  but if they cant tell you what the licensing is, they have never turned it on.  I've seen enough bad units that I wouldn't buy one without knowing the license because then I know that it is functional.

    unfortunately, those that take the time to know the licensing also know that being licensed for more things is worth more.  and will charge as such.

    and these come with a plastic case.  and while it came from a working environment, they don't call removing equipment a "tear out" because of all the extra care they take.  a cracked case might not bother you, but an uncracked case will sell better when you have finished taking your exam.

    and lastly, they do come with a power brick.  they do plug into the wall, but not with your standard computer power cord.  So, make sure it comes with it or that you know what else your needing to buy.  and be sure the wire isn't frayed or the connectors damaged.
  • clarsonclarson Posts: 885Member ■■■■□□□□□□
    and as far as memory.  if you find one with 256mb ram, the ram can easily be upgraded.  but it will come with old software that will need to be upgraded too.  get the software first.  because if you don't have the software to do the upgrade the unit is worthless to you.

    but, the ram is just old ddr1 memory that came with a lot of computers a long time ago.  go to a computer recycler and pick up a stick for a couple of bucks.  3 screws to remove the cover.  take it apart to get the ram.  take it with you so you get the same kind, only with a larger amount.
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    clarson said:
    and as far as memory.  if you find one with 256mb ram, the ram can easily be upgraded.  but it will come with old software that will need to be upgraded too.  get the software first.  because if you don't have the software to do the upgrade the unit is worthless to you.

    but, the ram is just old ddr1 memory that came with a lot of computers a long time ago.  go to a computer recycler and pick up a stick for a couple of bucks.  3 screws to remove the cover.  take it apart to get the ram.  take it with you so you get the same kind, only with a larger amount.
    Thanks will take those tips on to consideration.
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    clarson said:
    and as far as memory.  if you find one with 256mb ram, the ram can easily be upgraded.  but it will come with old software that will need to be upgraded too.  get the software first.  because if you don't have the software to do the upgrade the unit is worthless to you.

    but, the ram is just old ddr1 memory that came with a lot of computers a long time ago.  go to a computer recycler and pick up a stick for a couple of bucks.  3 screws to remove the cover.  take it apart to get the ram.  take it with you so you get the same kind, only with a larger amount.
    Thanks will take those tips on to consideration!
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    alan2308 said:
    I got through the CCNA Security with GNS3. The IOU images (L2 and L3) and the ASAv are more than adequate for that cert.

    Do you have any gear on hand already?
    Yes this is what I have in place at the moment, now I'm currently looking for more study content after finishing the CCNA SEC course on Pluralsight, any suggestions?
  • alan2308alan2308 Senior Member Ann Arbor, MIPosts: 1,854Member ■■■■■■■■□□
    Honestly, it's been 6 years and two exam revisions since I did the CCNA Security.  When I took it, all you had to know about the ASA is what it is.  :D 

    Labminutes has a lot of great video series, though most of it is well beyond CCNA Sec level. Udemy has a lot of great paid content  (Baldev Singh's combined CCNA Sec/CCNP Sec deep dive is incredible, I picked it up during a promo after how highly recommended it came). And when all else fails, Cisco has great PDFs on every topic on their site that are a Google search away.
  • pj-itpropj-itpro Posts: 8Registered Users ■□□□□□□□□□
    alan2308 said:
    Honestly, it's been 6 years and two exam revisions since I did the CCNA Security.  When I took it, all you had to know about the ASA is what it is.  :D 

    Labminutes has a lot of great video series, though most of it is well beyond CCNA Sec level. Udemy has a lot of great paid content  (Baldev Singh's combined CCNA Sec/CCNP Sec deep dive is incredible, I picked it up during a promo after how highly recommended it came). And when all else fails, Cisco has great PDFs on every topic on their site that are a Google search away.
    Alan I recently purchase two course from Udemy one of the from Matt Carey and the other is about setting labs. Unfortunately not the one you recommend it but I have 30 days to exchange just in case  
  • BlackoutBlackout Principle Security Engineer Raleigh, NCPosts: 512Member ■■■■□□□□□□
    I just passed the 210-260 yesterday, my lab is pretty extensive as I test out quite a fw builds and features for my customer at home. I recommend either using GNS3 or VIRL for the NA Security. I personally have both an ASA5515-X and an ASA5506-X, but due to the nature of how my lab is built and used I couldn't do much in the way of labbing. So I dropped VIRL on my server and labbed from there. The vast majority of the test will be based on the ASA 5505, VIRL will have everything you need onboard for labbing. 
    Current Certification Path: CCNA, CCNP Security, CCDA, CCIE Security

    "Practice doesn't make perfect. Perfect practice makes perfect"

    Vincent Thomas "Vince" Lombardi
  • jamshid666jamshid666 Member Fayetteville, NCPosts: 48Member ■■■□□□□□□□
    I passed the CCNA-Security on my second attempt yesterday.  I did all of my lab work with GN3 and it was more than adequate to pass the exam.  Make sure you get lots of practice with ASDM and know all of the screens and wizards inside and out.  I failed the first time because I didn't want to use a "stupid GUI tool" since I'm an old-school Unix admin that prefers to handle everything from the command line.  
    WGU BS - Network Operations and Security Estimated completion: May 2019
    Remaining courses: C846 (ITIL), C768 (OA), C850 (OA), C769 (Capstone)
    Active Certifications: A+, CCDA, CCNA-R&S, CCNA-Security, CIW-SDA, i-Net+, Network+, Project+, Security+, Server+, Splunk Certified User, VCP-DCV
    Expired Certifications: CCNP, LPIC-1, MCSE, RHCSE,
Sign In or Register to comment.