RE: Hardware requirement for CCIE LAB security

To add to what John stated, you can also use VMWare server as well. Both
virtualbox and vmware server are free. With vmware server you will need
a license but it's free. (just visit their website)
With VMWare server (probably virtualbox as well but not sure), you can
create several VMs, each running in bridge mode. You can connect to
these remotely (as long as it's bridged mode) using RDP or VNC, depending
on the OS that you use.
From a networking standpoint, most of the VMs (ie. ACS, IPS) are pretty
straightforward. The VM with your VPN client will need two network
interfaces, one for you to connect to, and the other one dedicated for
your lab scenarios. (if you used one network intf, after you connect via
RDP/VNC and fire up the VPN, it would disconnect you because your IP will
change)
As far as your hardware goes, I think you're in good shape. Personally,
I would just use the hardware, then the virtual stuff where needed. You
will need to look in to creating a tap interface to interconnect your
real network to the virtual one. If you're not already familiar with
VMware, I would read up on how it virtualizes network interfaces as well
as how they handle bridge-mode, NAT etc.. because unless you understand
all of this it will be difficult to get your VMs to communicate properly,
both inside the virtual network and the real network.

VMWare Server:http://www.vmware.com/pdf/vmse rver2.pdf
IPS in VMwarehttp://7200emu.hacki.at/v iewtopic.php?t=3095
I haven't messed with IPS in a VM since version 6 was introduced, but I
think I've read that people have been successful in getting it to work.
 The link above is for version 5 so you may want to look around for a
more up-to-date link. (although the process may be the same, or similar)

Mike Reynolds

http://tcpexpert.com

mreynolds_at_tcpexpert.com

Complete CCNA and CCIE Racks

  -------- Original Message --------
  Subject: Re: Hardware requirement for CCIE LAB security
  From: John Lockie <john.lockie_at_gmail.com>
  Date: Tue, May 25, 2010 1:41 am
  To: Akber Ali Mirza <akberali.cisco_at_gmail.com>,
  <mreynolds_at_tcpexpert.com>
  Cc: CCIE Lab <ccielab_at_groupstudy.com>

  http://www.virtualbox.org/ <-- for vm's on your daily use machine
  http://www.vmware.com/products/es xi/ <-- for bare metal lab box to
  run
  multipoe VM's

  Good luck
  John

  On 5/24/10 10:32 PM, "Akber Ali Mirza" <akberali.cisco_at_gmail.com>
  wrote:

> Hello,
>
> Thanks for you email!
>
> Can u please tell me in detail how do i setup a server based PC to
  a VMware
> ..does it require any license?
>
> I have got 2 two ASA 5520 ,1- PIX 506E, switch -3750/3560 and quite
  a few
> 2800/7206/2600 routers do you suggest me to built a hardware lab
  with this ?
>
>
> Regards,
> Akber Mirza.
>
> On Tue, May 25, 2010 at 6:42 AM, <mreynolds_at_tcpexpert.com> wrote:
>
>> You can lab up the majority of the security lab as long as you
  have a
>> computer with a good CPU and a lot of RAM.
>>
>>
>> The routers can use GNS3 or Dynamips. (run 12.4T on a 3700)
>>
>> The AAA server can run inside of a VM image.
>>
>> IPS can run inside of a VM image. (google "ccie ips vmware" or
  something
>> similar - also check out 7200emu.hacki.at)
>>
>> Most of the ASA features can be practiced by using a PIX in GNS3
>>
>> The VPN client can go inside a VM image
>>
>>
>> This won't be perfect as you won't be able to do ASA failover,
  ISR-only
>> features and some other things as well but this will give you most
  of what
>> you need.
>>
>>
>>
>> *
>>
>> Mike Reynolds
>> *
>>
>> TCPExpert.com
>>
>> mreynolds_at_tcpexpert.com
>>
>> Complete CCNA and CCIE Racks
>>
>>
>> -------- Original Message --------
>> Subject: Hardware requirement for CCIE LAB security
>> From: Akber Ali Mirza <akberali.cisco_at_gmail.com>
>> Date: Sun, May 23, 2010 1:10 am
>> To: CCIE Lab <ccielab_at_groupstudy.com>
>>
>> Hello GS,
>>
>> I am looking forward to setup my CCIE security hardware Lab and
  would like
>> to know the ( FW/routers/switches) requirements and if possible
  few lab
>> scenarios.
>>
>> Also would be grateful if you could let me know if we can setup
  this lab on
>> GNS3 .
>>
>>
>> Highly appreciate your efforts.
>>
>>
>> Regards,
>> Akber Mirza.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>>
  _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/ list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
  _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/ list/CCIELab.html

  Blogs and organic groups at http://www.ccie.net

  _______________________________________________________________________
  Subscription information may be found at:
  http://www.groupstudy.com/ list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue May 25 2010 - 19:27:29 ART