alt.certification.cisco - Re: PIX for home lab

Author

Re: PIX for home lab - 520?

LUKE YI

2003-05-21, 8:24 am

what about 520? I know it's old one. would it be inferior to 515 or 525 in
terms of functionality or features?
I just ordered one used 520 with 4 nic and 16mb flash... do you reckon i
should get rid of this and get 515 or 525 instead?

"John" <jwholmes@earthlink.net> wrote in message
news

an.2003.05.19.14.05.10.596207@earthlink.net...
> On Sun, 18 May 2003 20:40:31 +0000, Mark Rothko wrote:
>
> > Anybody have a good rec?
> >
> > I have a CCNA and am one exam (CIT) short of my CCNP. My company is
> > planning to in the next 6 months to a year begin to place PIX's (most
> > likely, we are an all Cisco shop already) at the remote sites and begin
to
> > redesign the home network with more robust security in mind. I think I
> > could be the right person in the right spot to advance if I had a CCSP
or at
> > least a Firewall specialist cert. I have a modest home lab with a
couple of
> > routers, a couple of switches, and an ISDN simulator. I have some extra
> > cash, and am thinking of buying a PIX to help me with my cert. The
506's

> > are cheap, but they only have 2 interfaces. The 515's are a bit more
and
> > have more interfaces, but would I really need that extra capacity? I
don't

> > want to spend money on stuff I don't need, but then again, I don't want
to
> > spend money and end up short. Would it help to have 2 506's or is one
PIX
> > enough for training?
> >
> > Any suggestions?
> >
> > MR
>
> Use 2 PIX 525s so you can do failover and have lots of interfaces

> Just kidding! A PIX 501 will do pretty much everything except failover
> (which is easy to learn)and if you understand ASA then more interfaces
> just means more hassle while learning. Keep it simple and concentrate on
> the concepts. The PIX is pretty simple to learn compared to routers.

Chris Buechler

2003-05-26, 10:24 pm

"LUKE YI" <cisco_security@hotmail.com> wrote in message
news:3ecb7dbb@duster.adelaide.on.net...
> what about 520? I know it's old one. would it be inferior to 515 or 525 in
> terms of functionality or features?
> I just ordered one used 520 with 4 nic and 16mb flash... do you reckon i
> should get rid of this and get 515 or 525 instead?

No, a 520 with 16 meg flash will do you just as well as a 515 or 525. In
fact the major difference between those is speed, which you won't care about
in a home lab. Your main concern, IMO, should be the number of interfaces
and amount of flash.

For the interfaces, you need at least 3 to appropriately learn all the
intricacies of multi-interface configurations. As a previous poster said,
"think DMZ". You'll rarely find a corporate network without one, except in
small branch offices, and for telecommuters. You'll definitely want to do
some DMZ configurations to learn that aspect of things.

Since you have 4 interfaces, you can get even more complicated. I've seen
several larger companies with web farms with a 4 interface PIX. One
outside, one inside, one DMZ (where the web servers are located) and one for
the database servers for the web farm.

As for flash, on a 520 you want 16 meg, so what you have is good. That will
support the newest PIX OS, the 6.x versions, preferably 6.2 or 6.3. If it
has a 5.x version on it now, upgrade it to 6.x, preferably 6.3. The 6.x
line includes a number of enhancements not found on the 5.x line, and 6.3
includes some cool stuff not found in earlier 6.x versions.

If I'd consider anything else for your lab, it would be to add a 501 to
experiment with VPN tunneling. I see this being used more and more now, in
lieu of leased lines, and other WAN technologies. For example, in a company
with branch offices in large cities where internet bandwidth is relatively
cheap, a VPN tunnel can be substantially cheaper than a leased line. In
smaller cities and towns where bandwidth is still pretty expensive, the cost
difference is usually negligible.

That's my 2 cents.

Chris

Sponsored Links