CCNA Security questions

Apr 12, 2012 2:05 AM

Karl 146 posts since
Apr 14, 2011

I would like to ask for some input regarding the materials needed to successfully pass the IINS exam.
I saw that IINS 640-553 is only until Sept 30 and a new version of the IINS exam is coming.

What do you think are the big differences between the two? Is there really a big change in the IINS exam?

I have GNS3 which I can use for my labs (do you think that's enough?)
Do you think we should wait for the new upcoming books with respect to the new IINS exam?


Honestly, after passing the CCNA, my plan is to embark on CCNP because 'they' say that it would be easier and more comfortable if you have a clear understanding of the CCNP R&S concepts before delving into the security track (how true is that?).

But my main focus is really on the Security track. I love security!

Should I go for CCNP first before venturing into the Security track, or is it just fine to study CCNA Security and then CCNP?


I would really appreciate your effort in answering all my doubts and questions.


Thanks in advance!




  • sean evershed 250 posts since
    Jun 25, 2008
    1. Apr 12, 2012 2:38 AM (in response to Karl)
    Re: CCNA Security questions

    If your main focus is Security then I suggest that you study for the CCNA Security and then move on to the CCNP Security track. You can bypass CCNP Routing and Switching altogether if your interest is Security.

    Alternatively if you have the spare time you could study for two exams at once, say for example the CCNA Security and CCNP Routing.

  • sean evershed 250 posts since
    Jun 25, 2008
    3. Apr 12, 2012 5:04 AM (in response to Karl)
    Re: CCNA Security questions


    Check here, the only pre-req for the CCNA Security exam is a valid CCNA.


    With regards to GNS3 I suggest you check the objectives of the exam since it's a couple of years since I've studied for it. In the past I've found it to be an excellent study tool for most certs, even for some of the Voice exams.




  • 4. Apr 12, 2012 6:43 AM (in response to sean evershed)
    Re: CCNA Security questions

    For what it's worth, from my personal experience, CCNA Security was a piece of cake after doing CCNP R&S.  Most of the things in CCNA Sec you wind up tinkering with and learning a good deal about anyway on the path to CCNP.  But to your main goal, taking the direct route would likely make more sense.  If your primary goal is security, in taking CCNP R&S you may find yourself delving into elements of network configuration that may take you away from your primary focus (though the information is powerful and very useful), which leads to my next point.


    Now, as I delve into CCNP Sec, though some of the concepts are familiar with respect to CCNA Security, it is MUCH more in-depth with respect to security configurations (I'm on SECURE 642-637), and if you took the direct track you may find that you would have to brush up on a few R&S concepts and how they tie in to securing elements of the router and switch, but not too much further from where CCNA R&S took you.


    I guess what I'm saying is that if you want security, stick to the track.  I would only recommend taking the CCNP R&S --> CCNA Security --> CCNP Security track if you have the time for it.  I happen to have had the time (been in the industry for almost a decade), but if I was pressed to get my feet planted and rooted in Sec, I would have taken the direct approach.


    As for GNS3, it may well be the best tool in your toolbox (until you talk about switching).  It made the routing topics and most other topics you will encounter a breeze to grasp.  Practice, practice, practice......Lab, lab, lab.....


    Message was edited by: Knox 1906 (CCNP, CCNA Security)

  • Dajuggernaut06 11 posts since
    Dec 14, 2011

    Thank you all for your responses. @Knox wassup frat? I am glad Karl asked this question as I am studying for CCNA this summer and my interest is security and eventually forensic hacking. I learned what GNS3 is today and have downloaded one as well as studying the CCNA official cert library from Odom with network simulator included. Thanks everyone!

  • 7. Apr 12, 2012 8:36 PM (in response to Karl)
    Re: CCNA Security questions

    I haven't tested all the routers in GNS3 with the security labs, because I don't have K9 images for all of them, but last night I was using the 3700 and although the CCP was giving out incompatibility errors it still worked for the lab. I'm using the new Cisco 1.1 lab book (really CCNA Sec 2.0 exam). If you study for the current exam, which uses SDM, you should not have issues like that.


    The CCNA Sec 1.1 lab book (2.0) has a new chapter that covers the ASA 5505, and I am anticipating GNS's ASA to give me problems with that one.  I'll let you know. Fortunately I have access to all the real equipment, but I play with GNS3 at home.


    Here are the specs for the new ASA topic -  (this is from the lab book 1.1, the new chapter, 10)




    Note: The routers used with this lab are Cisco 1841 with Cisco IOS Release 12.4(20)T (Advanced IP image).

    My Note: if you are using the new curriculum using the CCP, you need to use a 2800 or better router - I am almost certain the 1841 will give you issues using the CCP.  I think that was a misprint.


    The switches are Cisco WS-C2960-24TT-L with Cisco IOS Release 12.2(46)SE (C2960-LANBASEK9-M



    Other routers, switches, and Cisco IOS versions can be used. However, results and output may vary.


    The ASA that is used with this lab is a Cisco model 5505 with an 8-port integrated switch, running OS version 8.4(2) and ASDM version 6.4(5) and comes with a Base license that allows a maximum of three VLANs.



    Also, you can do the labs without adding the switches - except for the new chapter 10 labs - if you are following the Cisco 1.1 labs. You can forego the switches completely in the 1.0 (CCNA Sec 1.0) lab book.



    I'm sure Keith Barker's and Catherine Paquet's new books coming out will be in sync with the 1.1 (CCNA Sec 2.0) lab book. I always recommend the academy lab books, whether you are taking classes or not.







  • 9. Apr 12, 2012 8:49 PM (in response to Karl)
    Re: CCNA Security questions

    Not sure which router you mean.  For the current exam, if you have real 1841's you are good to go, as long as they have a 12.4 image with "K9" in it - it could be either a security image, or an advanced ip image. SDM runs fine on it, as far as I know.


    If you are going to use the new curriculum and take the new 554 exam, you MIGHT be able to get away with using 1841's but I'm pretty sure I tried that once, and it gave me some incompatibility messages after CCP did the "discovery" process, and then proceeded to not really work properly.  I'll hook up an 1841 tomorrow and check it out again - see how the CCP does with it.  Check eBay for prices and images.


    If you can get 2 or 3 2811's you are good to go for the new exam - I use the CCP on those with no problem.


    The academy has no official text book for the security class (like the CCNA 1 - 4 books), but they do publish a paperbound "Course booklet" which is the online ccna security curriculum, in print format, without the graphics and flash (obviously). Then there is the Lab booklet.  Amazon has both for cheap.


    Kind of hard to advise, since I don't know if you are taking classes or not.  Either way, you can still use the academy material, or you could get Kevin Wallace's CCNA Security, but I don't know if there is much in the way of labs in that book. Or you can wait for Keith Barker's and Catherine Paquet's new books for the new exam.


    Lots of options...oh, then you need an ASA 5505


    I harp on the 1841 and 2811 routers because Cisco built the class and labs around those. Other routers, as mentioned, will work, just be careful.


    Happy to answer any more questions if I can...

  • 10. Apr 12, 2012 9:04 PM (in response to Karl)
    Re: CCNA Security questions

    Oh, to answer your other question about GNS3


    --- getting the right image, and various gns glitches and frustrations that may happen aside ---


    YES, GNS3 is enough to study for the current CCNA Security exam. ASA in GNS may be problematic if you are doing the new exam. As I said, I ran the 3700 router, with only a warning from CCP that it was not compatible (wrong version of CME [Call Manager Express], which doesn't matter), but it worked.


    Also, funny enough, I just set up a site-to-site VPN in PT (1841 router), so you can start playing with that if you have it.  You can also practice two other objectives in that router, auto secure and secure boot-image, not to mention all the more mundane security configs we need to know. I'm going to see how far I can push Packet Tracer!



  • 12. Apr 12, 2012 9:42 PM (in response to Karl)
    Re: CCNA Security questions

    Well, again, it's kind of hard, no one size fits all.  For general CCNP route/switch you are looking at 3550 switches and 2621xm or 1841 routers as kind of typical.


    There are lots of variations, and it usually comes down to a balance of what you can afford, vs. how much of the material can you actually practice with the routers and switches you buy.



    I would recommend:


    1) spending time searching the topic in the CCNP forums, lots of good info.

    2) getting your feet wet by checking out this link

    3) buying the CCNP Route Cisco Academy Lab Manual and checking out the topologies and see what they are using in those labs.




    P.S. You can study for CCNP Route by getting one real router with an image that will work in GNS.  That's the lowest cost solution.

  • 14. Apr 12, 2012 11:15 PM (in response to Karl)
    Re: CCNA Security questions

    Ok, I just flipped through the CCNA Route Lab Manual and here is what they use to do every lab in the book:



    (4) 1841 routers with Cisco IOS Release 12.4(24)T1 and the advanced IP services image c1841-advipservicesk9-mz.124-24.T1.bin.


    (1) WS-C2960-24TT-L (Switch) with the Cisco IOS image c2960-lanbasek9-mz.122-46.SE.bin.


    You can use one of the routers in GNS as a substitute, but not sure which would be best, ask the CCNP group.


