3 of 3 people found the following review helpful:
2.0 out of 5 stars
Worst Cisco Press Book, December 26, 2003
This review is from: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study) (Hardcover)
I have been using Cisco Press books since 1998. I have achieved CCNA, CCDA, CCNP, CCDP all by self study using Cisco Press books combined with field experience and lab work. Prior to this book, I was overall satisfied with Cisco Press books and recommended others to use them. When I read this book, I was totally frustrated by the volume of incorrect information and syntax errors. This book was written by authors who are inexperienced with the PIX product line. The technical reviewers have done a poor job too. Cisco Press should recall this book until a revised version is released.
The cover says this book is for 9E0-111 (expired) and 642-521. However, the book does not address FWSM and Pix Firewall MC at all. Both of these are 642-521 exam objectives. Most command syntax is incorrect. Go to www.cisco.com, on the search engine type "Cisco PIX Firewall Command Reference". Pick the Version 6.2 command reference. Commands are listed in alphabetical order. Check the syntax there. In some sections, the book does not give enough information to get the job done. The list of errors is too long to put here but the following is a sampler:
Chapter 4:
Page 49 under "Accessing the Cisco PIX Firewall with Secure Shell" it must be mentioned that the user needs to generate an RSA key pair before attempting to use an SSH client. Set up the PIX hostname and domain-name and use "ca generate rsa key" followed by "ca save all", in addition to what has been said under this section; otherwise SSH will fail.
Chapter 5:
Page 69, Sentence before the numbered items (1,2,3,4) says "The connection requires four different..." It should be "The connection requires three different..." TCP connection establishment is a 3-way handshake: SYN, ACK+SYN, ACK. So the fourth list should be merged to item 3 above. Also it uses starting TCP sequence number of 125 and 388. Note that this is an example and could be any other number (system dependent).
Page 73, Table 5-1 lists "Translations Commands". This table should be entirely re-written. Only the first 3 are the commands. Rest are argument keywords and variables (user specified values). All three commands (nat, global, and static) should be re-written separately with their own arguments or remove the table entirely.
Page 74, syntax for "global" command has "[global_ip]" indicating a single IP (as in PAT). The syntax should be corrected to indicate a range for NAT pool. The example below is correct, however.
Page 76, syntax for "static" command is wrong and incomplete. Why is the "static" command in "[]" to start with?
Page 77, syntax for "static" for port redirection is wrong.
Page 78, Example 5-1, access-list 101 line 1 and 3 has "[specific source]". I can understand this type of thing in syntax, but when output of a config is given, where did this come from? Mind replacing this with "any" or something more specific??
Chapter 6:
Page 101 lists 6 steps to enable DHCP Server on PIX. What is listed as "Step 1" should be the last step. If you try to do "Step 1" without doing "Step 2", PIX gives the error "need to define address pool range first".
Chapter 7:
Page 115, under "nat 0 Command", it mentions the use of nat 0 but fails to mention one of the most important uses of it, i.e., VPN configuration.
Page 121, Example 7-6, shows "object-group protocol_grp_citrix" it should be "object-group protocol protocol_grp_citrix" or "object-group protocol grp_citrix". It should be "protocol" keyword followed by protocol object group name.
Chapter 9:
Page 145, under "What is Required for a Failover Configuration", the sentence before the bullets says "Both must be the same for" and the last bullet says "Activation key". How can the activation key be the same on two PIX units? The activation key is unique to each individual unit. It should read "Activation key type" (e.g., both DES or 3DES). One important piece of information that is missing is that one unit must have an unrestricted license (UR) while the other unit can have a failover license (FO) or restricted license (R) or yet another UR license. UR+FO is the most practical choice (cost wise).
Page 151, "Step 1" should be after "Step 6".
Chapter 10:
Page 162-163, Figures 10-3 and 10-4 show ESP and AH but neglect to mention that the packet formats shown are for IPSec transport mode. PIX supports both transport and tunnel mode but tunnel mode is the default and is used mostly.
Page 163, under "NOTE" not sure what is implied. If it means you need DES/3DES, PIX 6.2 came with DES and can now be freely upgraded to 3DES by visiting cisco.com.
Page 164, under "Internet Key Exchange (IKE)" the second sentence says "IKE is the short name for ISAKMP/Oakley". This is wrong. IKE is a combination of three different protocols: ISAKMP, Oakley, and SKEME.
Page 165, under "NOTE" the editor's comment can be seen: "Please change this sentence to read:". Way to go Cisco Press.
Page 177, all keywords "crypto-map" should be replaced with "crypto map"; those are 2 separate keywords.
Page 177, before the "crypto map" command syntax the paragraph says "Normally you have at least 5 crypto-map entries with the same name". It should be 4 crypto map entries and the 5th one is to apply to the interface. As always syntax error on the 5th command syntax. There is no "seq-num" when applying to an interface.
NOTE: None of the configs in this chapter will work until you use the "nat 0" command to bypass IPSec traffic from being natted.
Page 184, "Cisco VPN Client" is misleading and incomplete.
Page 185, Table 10-8 should be frustrating to anybody new to PIX. You have to use "vpngroup group_name" and a space and one of the others in the following list, e.g., "vpngroup my_group_name address-pool my_pool_name"
** Word count of 1000 limits me from adding more to this list
Shamim Khan, BSEE, MSCS
NetPlus, Inc.
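The Chapter 10 crypto map points in the review above (two keywords rather than "crypto-map", no seq-num on the interface line, and "nat 0" for the protected traffic) can be checked mechanically. The following is an added example, not part of the review or the book: the sample config is constructed, and the four entry kinds in `KINDS` are an assumption, since the review does not list which four entries it means.

```python
import re

# Entry kinds assumed to be the "4 crypto map entries" (the review does not list them).
KINDS = ("ipsec-isakmp", "match address", "set peer", "set transform-set")
ENTRY = re.compile(r"crypto map (\S+) (\d+) (%s)(?: (\S+))?" % "|".join(KINDS))
BIND = re.compile(r"crypto map (\S+) (\d+ )?interface \S+$")
NAT0 = re.compile(r"nat \(\S+\) 0 access-list (\S+)$")

# Constructed sample config: hypothetical names, documentation/private addresses.
GOOD = """\
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address 101
crypto map mymap 10 set peer 192.0.2.2
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
"""

def lint_pix_vpn(config):
    """Return findings for the crypto map mistakes listed in the review."""
    findings, entries, bound, nat0, vpn_acls = [], {}, set(), set(), set()
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("crypto-map"):
            findings.append(f"line {n}: 'crypto-map' should be 'crypto map'")
        elif m := NAT0.match(line):
            nat0.add(m.group(1))
        elif m := BIND.match(line):
            bound.add(m.group(1))  # recorded either way so it is reported once
            if m.group(2):
                findings.append(f"line {n}: no seq-num when applying to an interface")
        elif m := ENTRY.match(line):
            name, seq, kind, arg = m.groups()
            entries.setdefault((name, seq), set()).add(kind)
            if kind == "match address":
                vpn_acls.add(arg)
    for (name, seq), kinds in sorted(entries.items()):
        for kind in KINDS:
            if kind not in kinds:
                findings.append(f"crypto map {name} {seq}: missing '{kind}'")
    for name in sorted({name for name, _ in entries} - bound):
        findings.append(f"crypto map {name}: not applied to an interface")
    for acl in sorted(vpn_acls - nat0):
        findings.append(f"access-list {acl}: not exempted from NAT by 'nat 0'")
    return findings

if __name__ == "__main__":
    print(lint_pix_vpn(GOOD) or "no findings")
```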
3 of 3 people found the following review helpful:
3.0 out of 5 stars
Fine if it had been proofread properly, May 11, 2003
By A Customer
Wait for the next edition of this book is my advice. There are numerous errors in the text which some basic proofreading would have discovered and the exam provided with it is a joke, there are so many incorrect answers.
2 of 2 people found the following review helpful:
1.0 out of 5 stars
This book was worthless..., April 21, 2005
Just took the exam and passed - barely. If I hadn't taken the actual Cisco training class I would have failed and this book would have been the prime reason. The exam was MUCH more in depth on a NUMBER of areas that the book did not even begin to go deeper than about a paragraph into, if at all. This book was poorly written, difficult to use, the examples were horrible and it CERTAINLY WAS NO USE FOR EXAM PREP - DO NOT BUY THIS BOOK.
The Pix FOS is already pretty unfriendly (compared to IOS) and a book that didn't just show you the help output and then break the option into tables (which looked lifted from CCO) would have been a big help - you know, something with actual explanations of how things are configured and such. This book was nowhere near this and a real disappointment, especially since it's a "Cisco Press" book. What the book turned out to be was a hack job that was poorly put together, inaccurate, and useless for exam prep - which is horrible since it is marketed as a CCSP "self study guide." There were even examples that were wrong within the book.
BEWARE.
-Calvin