Sunday, September 9, 2018

My CCIE Security Journey - Post 1

Shortly after Cisco Live 2017 in Las Vegas, and a family vacation to Florida, I made the decision to renew my CCNA Security Certification. I received the certification back in January 2014 right after earning CCNP R&S. It took some time to work through the blueprint; much of it I hadn't dealt with: ASA, SSLVPN, AnyConnect. I used INE's CCNA Security VoD to help bridge the gap.

I took a bunch of notes, created a PowerPoint, a lab topology and a list of labs I wanted to demonstrate in the VoDs. I created a workbook and then recorded the series. It was a lot of fun and allowed me to cover content that I had always wanted to cover. Shortly after the series was finished, I was tasked with my first AnyConnect project that integrated with ISE and certificates. Very complex compared to the CCNA level stuff I had covered.

I had an INE AAP and started to cover the CCNP Security SIMOS material. This really helped since it was what I had to deploy. It took a few months and I wrapped up the project. I was then tasked with a large switch upgrade. I figured, being a CCIE in R&S, piece of cake! Not! The switch side was easy; it was the heavy integration of ISE for MAB and 802.1x authentication that made me hate life for a couple days. I found the INE CCNP Security SISAS ISE VoD, another score for me. 6 weeks later, and after a bit of scope creep (TACACS was requested over RADIUS), I was done with that project.

I figured it was time to hit the firewall and threat defense VoDs. Well, an SP was a customer and so was a big bank, so my focus shifted to SP stuff: L3VPN and L2VPN, BGP, DMVPN, OTV and QoS. This took the bulk of my time and Security was on the back burner. After several months these projects wrapped up and I was hot on the trail to CCIE SP; since I had a CCNP SP it made sense. Not long after that, I switched jobs to an SP, more DC than SP. Several months in and I have found myself on the frontlines with Security again.

Since it is a major focus for me and has been for a few months now, I made the decision to commit to it. This means a regimented approach had to happen. I had to be honest with myself and come up with a plan of attack to cover the material efficiently but not waste time on areas I was familiar with. DMVPN, IOS FW and parts of IPsec I can skip over for now. I am focusing on areas I'm not familiar with first: ASA, GETVPN, FLEXVPN, SSLVPN, ISE, ACS, FTD, WSA, ESA and AMP. That's the majority of the blueprint right there. I've had exposure to ISE and FTD from previous jobs so I chose to leave them for later. As it sits now, ASA FW is my current focus, then VPNs, then circle back to IOS FW to round out the infrastructure stuff. Then AAA, ISE, ACS, WSA, ESA, FTD and AMP.

My goal in the next several posts is to lay out a detailed expanded blueprint of what I am covering. From my research thus far, there are several resources online, INE, Micronics, CiscoLive, LabMinutes and others, that have produced material that covers the technologies. My goal is to work through the technologies and put together a holistic solution through RIT in the near future. This time, I won't be doing CCNP and then CCIE; I am going directly to CCIE, and CCNP Security will come later. Feel free to join me in the journey, comment below and follow the blog. If you're interested, follow me on social media, @rikerrob on Twitter.

Thanks for stopping by!
Rob Riker, CCIE #50693 (R&S) for now.

4 comments:

  1. Good job Rob! Keep the post coming.
  2. so what about your 2 year CCIE SP efforts? Did you abandon the goal?
    Anyway, this is a huge leap, good luck in your studies!
    1. No actually, a recent job change has me back on the SP track again to wrap it up, I need to, it's been a lot of studying to just give up. After that, I'll tackle CCIE Security.
  3. Hello RobRiker,

    I was planning to subscribe to your VODs on your website. Unfortunately, it's not working as I get 404 page not found. Any change in website?

    Thanks,
    Sethu