Archive for September, 2009

Fix for ASA multicast issues and PEMU

Posted in CCIE on September 12, 2009 by cciejournal

Not discovered by me, but by JayTee, who posted a comment. Thought I’d make it known to everyone. I haven’t tested it.

<snip>

OK, I got multicast working. It’s a known problem. The fix is to comment out some qemu code. This really isn’t the “right” way to fix this, as the ASA will apparently get all multicast traffic instead of the multis that it registers for, but it fixes the problem. See explanations here:

http://juniper.cluepon.net/index.php/Olive

http://sioduy.blogsome.com/2009/04/05/install-olive-in-freebsd-71/

</snip>

Static Policy NAT & PAT

Posted in CCIE on September 12, 2009 by cciejournal

Going through it a second time today, it was still as confusing as the last time I did it. After dissecting the configuration, it’s only slightly different to any other NAT statement when you include the contents of the ACL.

(Real,Fake) Fake, Real, Policy

access-list POLICY extended permit tcp host 136.1.121.1 eq telnet 136.1.122.0 255.255.255.0
static (inside,outside) tcp interface telnet access-list POLICY

With the above configuration, if you tack the ACL on to the static statement it’s exactly the same structure, except you have the ‘policy’ at the end to say what triggers the translation. In this case, any telnet traffic which is sourced from 136.1.122.0/24 and destined to the ASA’s interface address will be translated to the REAL address of 136.1.121.1 on port 23.

SEC update

Posted in CCIE on September 12, 2009 by cciejournal

Since I posted the problems experienced with PEMU and ASA emulation, I decided that I wasn’t going to waste any more time dealing with bugs. So I managed to convince my work that they should give me an ASA 5510 for my lab. With no questions asked, I had one two days later :)))

Practical study has been purely Volume I workbooks. I’ve gone through almost every single ver 5.0 lab (except the IPS ones), and gone through 1/3 of the VPN labs a second time. Today I’m working on the ASA labs again.

Some notes on the Volume I labs… they aren’t all correct. I have come across errors which have sent me down the troubleshooting path for long periods of time. It’s not all that bad though; stuff seems to stick better when that happens.

Initially, I was overwhelmed with the amount of VPN variations there are, and I guess without knowing how to configure them all it seemed like every single one was going to take a while to master. Not that I’m a master yet, but when it all boils down… if you know ISAKMP and IPSEC then each variation is really straightforward. Things like DMVPN and GET VPN are a piece of cake.

For the theory side, since I haven’t taken my written exam yet, I read the entire CCBOOTCAMP written study guide. It’s ok, not a bad primer for some topics, and a review of some legacy products etc. that will appear on the 2.0 written, but probably not enough on its own. I also purchased the Complete VPN Configuration Guide & Security Troubleshooting Handbook, of which I’m halfway through the configuration guide (it’s quality reading!). SSL Remote Access VPNs got a bit of a read, but most of it is based on ASDM or SDM – the first half is a good intro though.

I’ve read the config guides from time to time, but I’m nowhere near the stage of trying to remember where everything is… that comes later :)

For CoD learning I’ve watched almost all the INE videos once – unfortunately they pale in comparison to the R&S ones. They were packed full of almost every technology you come across (5 extra days of content though!).

A special mention for video content goes to the Cisco Networker 2009 videos. My work purchased a subscription and there are two (so far!) really good 2HR videos:

Advanced Topics in Encryption Standards and Protocols
Presented by Saadat Malik, who wrote Network Security Principles and Practices. He explains ISAKMP even better than he does in the book. If you can get access… I highly recommend it. Try signing up for a free account; it may be one of the free ones available. The reason I say that is, when I had a free account it seemed to let me add a few videos to my profile, then after a while I couldn’t add any more. Definitely worth a go.

Troubleshooting Firewalls
A really good explanation on packet flow through the ASA, troubleshooting tips and shortcuts, etc. Highly worth it. I’ll probably watch it again.

Overall, I think that progress is good. I’m hoping to do my first full scale lab soon.


Remembering NAT statements on the ASA

Posted in CCIE on September 12, 2009 by cciejournal

A guy at my work who achieved his CCIE Security late last year had a good way of remembering the order of doing NAT translations on the ASA. As simple as it may be, I always had trouble deciding what I should use, but since he told me I haven’t had any problems!

static (Real,Fake) {Fake} {Real}

Real being the interface or IP address of the host, and the one that gets translated. Fake being the one that it’s translated to.
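As an added worked example (not from the original post, nor from the colleague who supplied the mnemonic), here are the three static forms side by side, annotated with the Real/Fake positions the mnemonic describes and ending with the policy form from the Static Policy NAT & PAT entry above. It assumes pre-8.3 ASA syntax (ASA 8.3 and later replaced this with object NAT and twice NAT, so these lines do not apply there); the mapped address 136.1.122.100 is a constructed value, while 136.1.121.1, 136.1.122.0/24 and the POLICY ACL are taken from the post.

```cisco
! Added example, not part of the original post. Pre-8.3 ASA NAT syntax.
! Mnemonic: static (Real,Fake) {Fake} {Real}
!
! 1) Plain static NAT: inside host 136.1.121.1 (Real) is reachable from the
!    outside as 136.1.122.100 (Fake, constructed address), all protocols/ports.
!    (Real ifc,Fake ifc) Fake          Real
static (inside,outside) 136.1.122.100 136.1.121.1 netmask 255.255.255.255
!
! 2) Static PAT: only TCP/23 is published, on the outside interface address.
!    (Real,Fake) proto Fake-addr Fake-port Real-addr   Real-port
static (inside,outside) tcp interface telnet 136.1.121.1 telnet netmask 255.255.255.255
!
! 3) Static policy PAT: same structure as 2), but the Real half moves into an
!    ACL written from the real host's point of view (source = real address
!    and port, destination = the peers the translation applies to), so only
!    telnet from 136.1.122.0/24 to the interface address is translated.
access-list POLICY extended permit tcp host 136.1.121.1 eq telnet 136.1.122.0 255.255.255.0
static (inside,outside) tcp interface telnet access-list POLICY
!
! Checks after applying: confirm the static entries exist and that a test
! telnet from a 136.1.122.0/24 host creates an xlate to 136.1.121.1/23.
show run static
show xlate
```

Reading the ACL from the real host's side is the part that trips people up: in form 3 the ACL source is the Real address and port (the same values that sit in the last two positions of form 2), and the ACL destination says which Fake-side peers trigger the translation, which is exactly the "Policy" word tacked onto the end of the mnemonic.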