Hi Shaun & Matt,
If your goal is to study for the exams then it’s best to start with the blueprints that have the exam topics. I’ve added them in the attachment.
Here’s a general overview:
The SIMOS exam has topics like DMVPN, FlexVPN, IPsec, GETVPN, etc. You can test any of these topics on IOS routers and the ASA. I would make sure that you use IOS 15 and the latest ASA images otherwise you might run into issues with commands that are not supported.
SENSS is all about security on switches, routers and the ASA.
In the SITCS exam you have some different topics…there’s WSA (Web Security Appliance) and ESA (Email Security Appliance). These products are available as hardware boxes but also as VMWare images.
SISAS is about 802.1X and using ISE (Cisco Identity Services Engine)
Basically, you need this:
- IOS routers
- IOS switches
- ASA Firewalls
- VMWare workstation or ESXi for the virtual appliances
If you want real hardware then you could look at some 3560/3750 switches, the 1841 or 28xx series routers, the ASA 5510s and/or the 5506-X (because of the new features).
Personally, I would build an ESXi server that runs Cisco VIRL. This allows you to run all routers, switches and ASA firewalls that are required. You can use your ESXi server to run all the other requires virtual appliances as well. You’ll be able to practice 99% of all the topics in the CCNP Security exams with a single server.
Hope this helps 
Rene
300-206_senss.pdf (112.2 KB)
300-207_sitcs.pdf (116.1 KB)
300-208_sisas.pdf (120.2 KB)
300-209_simos.pdf (100.7 KB)