Customer Reviews

CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide (CCSP Self-Study)

5 star:		(3)
4 star:		(4)
3 star:		(4)
2 star:		(10)
1 star:		(10)

 

 

I have been using Cisco Press books since 1998. I have achieved CCNA, CCDA, CCNP, CCDP all by self study using Cisco Press books combined with field experience and lab work. Prior to this book, I was overall satisfied with Cisco Press books and recommended others to use them. When I read this book, I was totally frustrated by the volume of incorrect information and syntax errors. This book was written by authors who are inexperienced with PIX product line. The technical reviewers have done a poor job too. Cisco Press should recall this book until a revised version is released.

The cover says this book is for 9E0-111 (expired) and 642-521. However, the book does not address FWSM and Pix Firewall MC at all. Both of these are 642-521 exam objective. Most command syntax are incorrect. Go to www.cisco.com, on the search engine type "Cisco PIX Firewall Command Reference". Pick the Version 6.2 command reference. Commands are listed by alphabetic order. Check the syntax there. In some sections, the book does not give enough information to get the job done. The list of errors is too long to put here but following is a sampler:

Chapter 4:
Page 49 under "Accessing the Cisco PIX Firewall with Secure Shell" it must be mentioned that the user needs to generate an RSA key pair before attempting to use an SSH client. Setup PIX hostname and domain-name and use "ca generate rsa key" followed by "ca save all", in addition to what has been said under this section otherwise SSH will fail.
Chapter 5:
Page 69, Sentence before the numbered items (1,2,3,4) says "The connection requires four different..." It should be "The connection requires three different..." TCP connection establishment is a 3-way handshake: SYN, ACK+SYN, ACK. So the fourth list should be merged to item 3 above. Also it uses starting TCP sequence number of 125 and 388. Note that this is an example and could be any other number (system dependent).
Page 73, Table 5-1 lists "Translations Commands". This table should be entirely re-written. Only the first 3 are the commands. Rest are argument keywords and variables (user specified values). All three commands (nat, global, and static) should be re-written separately with their own arguments or remove the table entirely.
Page 74, syntax for "global" command has "[global_ip]" indicating a single IP (as in PAT). The syntax should be corrected to indicate a range for NAT pool. The example below is correct, however.
Page 76, syntax for "static" command is wrong and incomplete. Why is the "static" command in "[]" to start with?
Page 77, syntax for "static" for port redirection is wrong.
Page 78, Example 5-1, access-list 101 line 1 and 3 has "[specific source]". I can understand this type of thing in syntax, but when output of a config is given, where did this come from? Mind replacing this with "any" or something more specific??
Chapter 6:
Page 101 lists 6 steps to enable DHCP Server on PIX. What is listed as "Step 1" should be the last step. If you try to do "Step 1" without doing "Step 2", PIX gives error "need to define address pool range first"
Chapter 7:
Page 115, under "nat 0 Command", it mentions the use of nat 0 but fails to mention one of the most important use of it, i.e., VPN configuration.
Page 121, Example 7-6, shows "object-group protocol_grp_citrix" it should be "object-group protocol protocol_grp_citrix" or "object-group protocol grp_citrix". It should be "protocol" keyword followed by protocol object group name.
Chapter 9:
Page 145, under "What is Required for a Failover Configuration", the sentence before the bullets say "Both must be the same for" and the last bullet says "Activation key". How can the activation key be the same on two PIX units? The activation key is unique to each individual unit. It should read "Activation key type" (e.g., both DES or 3DES). One important information that is missing is, one unit must have unrestricted license (UR) while the other unit can have failover license (FO) or restricted license (R) or yet another UR license. UR+FO is the most practical choice (cost wise).
Page 151, "Step 1" should be after "Step 6".
Chapter 10:
Page 162-163, Figure 10-3, 10-4 shows ESP and AH but neglects to mention that the packet format shown are for IPSec transport mode. PIX supports both transport and tunnel mode but tunnel mode is the default and is used mostly.
Page 163, under "NOTE" not sure what is implied. If it means you need DES/3DES, PIX 6.2 came with DES and can now be freely upgraded to 3DES by visiting cisco.com
Page 164, under "Internet Key Exchange (IKE)" the second sentence says "IKE is the short name for ISAKMP/Oakley". This is wrong. IKE is a combination of three different protocols: ISAKMP, Oakley, and SKEME
Page 165, under "NOTE" editors comment can be seen "Please change this sentence to read:". Way to go Cisco Press.
Page 177, all keywords "crypto-map" should be replaced with "crypto map" those are 2 separate keywords.
Page 177, before the "crypto map" command syntax the paragraph says "Normally you have at least 5 crypto-map entries with the same name". It should be 4 crypto map entries and the 5th one is to apply to the interface. As always syntax error on the 5th command syntax. There is no "seq-num" when applying to an interface.
NOTE: None of the configs in this chapter will work until you use the "nat 0" command to bypass IPSec traffic from being natted.
Page 184, "Cisco VPN Client" is misleading and incomplete.
Page 185, Table 10-8 should be frustrating to anybody new to PIX. You have to use "vpngroup group_name" and a space and one of the others in the following list, e.g., "vpngroup my_group_name address-pool my_pool_name"
** Word count of 1000 limits me from adding more to this list

Shamim Khan, BSEE, MSCS
NetPlus, Inc.

Wait for the next edition of this book is my advice. There are numerous errors in the text which some basic proofreading would have discovered and the exam provided with it is a joke, there are so many incorrect answers.

Just took the exam and passed - barely. If I hadn't taken the actual Cisco training class I would have failed and this book would have been the prime reason. The exam was MUCH more in depth on a NUMBER of areas that the book did not even being to go deeper then about a paragraph into, if at all. This book was poorly written, difficult to use, the examples were horrible and it CERTAINLY WAS NO USE FOR EXAM PREP - DO NOT BUY THIS BOOK.

The Pix FOS is already pretty unfriendly (compared to IOS) and a book that didn't just show you the help output and then break the option into tables (which looked lifted from CCO) would have been a big help - you know, something with actual explanations of how things are configured an such. This book was nowhere near this and a real disappointment, especially since it's a "Cisco Press" book. What the book turned out to be is was a hack job that was poorly put together, inaccurate, and useless for exam prep - which is horrible since it is marketed as a CCSP "self study guide." There were even examples that were wrong within the book.

BEWARE.

-Calvin

The study guide is only moderately valuable, and sometimes confusing. Worse, the practice exam is sometimes blatantly incorrect.

Example: What kind of protocol is easiest to spoof?
Possible answers: UDP, TCP, ICMP, All protocols, or DNS
The "correct" answer is "TCP is the more difficult to spoof..."

I've found a few other errors, making the practice test virtually useless. In the example, the given answer is correct for a different question. In some cases, the answer is actually wrong for the question.

I'm disappointed that an "official" study guide from Cisco Press has so many issues.

The previous reviewer's comment that it's better than nothing is pretty accurate. The book is not organized with the exam objectives in mind, and it appears to have undergone no quality control checks whatsoever. To call some of these mistakes typographical errors is graciously optimistic.

Even the accompanying practice exam was flawed. About 10 minutes into it I got a question whose "correct" answer logically contradicted the parameters of question itself. I'll never know how good or bad the remainder of the exam was, because I immediately uninstalled the program in disgust.

My biggest complaint, however, is that too much material covered on the exam is missing from the book. Sure, the book will get you throught he basics of setting up a PIX firewall, but topics such as the Firewall Services Module, the CiscoWorks Firewall Management Console, and the Auto Update Server are conspicuously absent. And these topics were prevalent on the exam.

With that said, I did pass the exam on the first attempt. But it was thanks to some of the other practice exams and source materials that I was able to make up for the deficiencies and errors in this book. Had I taken this book as gospel, I have no doubt that I would have failed.

I need these study guide books to get me through the CCSP certification, but I am certainly going to avoid anything else by these two authors if possible. Frankly, I'm not sure they understand how some of these technologies (e.g., VPN protocols) really work. They certainly haven't explained them well to me.

CCSP Cisco Secure PIX Firewall Advanced - Exam Certification Guide by: Greg Bastien and Christian Abera Degu is a good source for anyone that is interested in setting up and configuring a Cisco PIX. I found page after page of useful information without all the unnecessary filler introduced by other authors.

If you have no experience with a Cisco PIX this book is a good start. It can help you select the proper model for your needs. Each model has different features that may or may not be important to your use. The differences are outline in a model by model summary followed by a complete comparison chart of the all the models.

Once you select your model you will need the basics to get going. The authors do a great job of covering the commands that you will need to get started. Examples highlight the usage, which helps when there are multiple arguments available for a single command.

As you progress through the book the subject matter increases in complexity, but the authors keep you informed. Cicso has built in the power to their operating system, but unleashing that power needs some explaining. The advanced commands are helpful since there are times when difficult configurations push us to the test. Having the insight to the power and proper use of certain commands and configurations help us overcome these obstacles.

I was impressed with the scenarios provided in the end. I like the way that the authors challenged me with their configurations and tested my skill and understanding. Their explanations have helped me to reconsider and change my configuration and setup to provide for a more secure network, which is something that we all need these days.

On the book's negative side I found quite a few errors in spelling and grammar. It seems to have been poorly proofread. I found the word "network" spelled "netowrk." How does that get by? My spellchecker corrected it for me, but somehow this made it passed the spellchecker used by the authors and was not caught by the proofreaders.

There are a few sections where I found some copy and paste errors. For example in the section regarding the Cisco 520, the body text reads "Cisco 515" in error. This leads to some confusion if you are not alert. It could easily lead you to believe the Cisco 515 can function the same as a Cisco 520, which is not always the case.

Another annoyance is the fact that some of the figures in the book do not use the same IP scheme as what is written in the text. It is as if the scenario or configuration was written and the figure was not updated to correspond, or vise versa. This makes it a little hard to follow along. I found it easier to correct the figure with a pen then to change the text.

Overall I feel that the book is a good reference guide, but does not make the cut for a study guide. There are too many errors that are distractions while studying. I should not need to hold a pen in my hand as I read along to make corrections. That is the job of proofreading.

I used to work for the Cisco TAC supporting the PIX Firewall and am in the process of getting my CCSP. This book has been OK, but I have seen some pretty blatant errors. ... I've been gone from TAC for 3 years now and much of the bad information in this book was wrong even then. It's not like they made mistakes on new technology.

In any case, if you have experience with the PIX Firewalls, this will give you a good idea of what is going to be on the test. But don't use it as your sole resource. I've been using the Boson practice tests and they seem very solid so far.

If you don't have any experience with the PIX, BE CAREFUL and find other resources in addition to this. I haven't read any other current books on the PIX, so you may want to read the official documentation on Cisco's web site instead.

A couple of notes to add after taking the test. One big thing that is missing from this book and the exam outline from Cisco is that you will get questions about the PIX-specific CiscoWorks components. The PIX AUS and the PIX MC. Look for documentation on those on CCO and get the basics of what you can do with them before you take the exam.

I can't add much to the comments already posted here, except to support the view that this book is a waste of time and money. It will NOT help you pass the exam. Even if it covered all the material (in my estimation, it omits ~20% of the required curriculum), it still simply copies or paraphrases the (free) Cisco Configuration and Command Reference guides.

At best it's a waste of money, at worst it will give you a false sense of what is required for the exam.

CCSP Cisco Secure PIX Firewall Advanced - Exam Certification Guide by: Greg Bastien and Christian Abera Degu is a good source for anyone that is interested in setting up and configuring a Cisco PIX. I found page after page of useful information without all the unnecessary filler introduced by other authors.

If you have no experience with a Cisco PIX this book is a good start. It can help you select the proper model for your needs. Each model has different features that may or may not be important to your use. The differences are outline in a model by model summary followed by a complete comparison chart of the all the models.

Once you select your model you will need the basics to get going. The authors do a great job of covering the commands that you will need to get started. Examples highlight the usage, which helps when there are multiple arguments available for a single command.

As you progress through the book the subject matter increases in complexity, but the authors keep you informed. Cicso has built in the power to their operating system, but unleashing that power needs some explaining. The advanced commands are helpful since there are times when difficult configurations push us to the test. Having the insight to the power and proper use of certain commands and configurations help us overcome these obstacles.

I was impressed with the scenarios provided in the end. I like the way that the authors challenged me with their configurations and tested my skill and understanding. Their explanations have helped me to reconsider and change my configuration and setup to provide for a more secure network, which is something that we all need these days.

On the book's negative side I found quite a few errors in spelling and grammar. It seems to have been poorly proofread. I found the word "network" spelled "netowrk." How does that get by? My spellchecker corrected it for me, but somehow this made it passed the spellchecker used by the authors and was not caught by the proofreaders.

There are a few sections where I found some copy and paste errors. For example in the section regarding the Cisco 520, the body text reads "Cisco 515" in error. This leads to some confusion if you are not alert. It could easily lead you to believe the Cisco 515 can function the same as a Cisco 520, which is not always the case.

Another annoyance is the fact that some of the figures in the book do not use the same IP scheme as what is written in the text. It is as if the scenario or configuration was written and the figure was not updated to correspond, or vise versa. This makes it a little hard to follow along. I found it easier to correct the figure with a pen then to change the text.

Overall I feel that the book is a good reference guide, but does not make the cut for a study guide. There are too many errors that are distractions while studying. I should not need to hold a pen in my hand as I read along to make corrections. That is the job of proofreading.

There is a 2nd release of this book not yet in print. This book does NOT cover what you need to pass the test. I just took the test using this book, it was NOT adequate.