CCIESEC CCIE Security - Lab Preparation

6 Day Course
Hands On
Official Curriculum

This course has been retired. Please view currently available Cisco CCIE Training Courses.



ASA/PIX Firewall (14 topics)

  • Initial Configuration of PIX/ASA
  • Routing
  • Translations and Connections
  • Access Control Lists and Object Groups
  • Deep Packet Inspection
  • Control URLs and FTP commands using MPF
  • Running BGP thru the Firewall
  • TCP Normalization
  • Transparent Firewall
  • ARP inspection on Firewall
  • Virtual Firewalls (Security Contexts)
  • Active/Standby Failover
  • Stateful Failover
  • Active/Active Failover

IPSEC/VPN (12 topics)

  • LAN-to-LAN IPSec using NAT-T
  • IPSec Hairpinning
  • EZVPN in Client and Network Extension Mode
  • QoS with IPSec
  • DMVPN thru the Firewall
  • Basic Configuration of VPN Concentrator
  • Routing on the Concentrator
  • Administration and Filtering on the Concentrator
  • LAN-to-LAN Tunnel on the Concentrator
  • EZVPN on the Concentrator in Client Mode
  • EZVPN on the Concentrator in Network Extension Mode without XAUTH
  • Remote Access on the Concentrator with RRI and Split Tunnelling

IPS Sensor (8 topics)

  • IPS in Promiscuous Mode
  • Blocking Using ASA
  • IPS in Inline Mode - Interface Pair and Inline VLAN Pair
  • Signature Tuning
  • Custom Stream Signatures
  • Custom HTTP Signatures
  • Custom Packet Signatures

Access Management (8 topics)

  • Configuring ACS for Network Devices
  • Configuring Users and Groups on ACS Server
  • Configuring Routers, Switches and ASA/PIX for Management Authentication using ACS Server
  • Configuring Command Authorization based on the ACS server
  • Configuring Accounting based on the ACS Server
  • Configuring Authentication Proxy on the ASA
  • Configuring Authentication on the Concentrator from the ACS Server
  • Configuring NAC-802.1X Authentication on the Switch

Advanced Network Security and Network Attacks (12 topics)

  • Preventing IP Spoofing
  • Configuring NAT on Routers
  • Configuring IP TCP Intercept
  • Blocking ICMP Attacks
  • Port Security on the Switches
  • DHCP Snooping
  • Dynamic ARP Inspection (DAI)
  • IP Source Guard
  • Mitigating Attacks using CAR
  • Mitigating Attacks using NBAR
  • IOS Firewall
  • Blocking attacks using PBR


Students should have at least 2 years of hands-on experience with Cisco Security and the SAFE Blueprint architecture. They should have passed the CCIE Security Written exam and may already hold some of the security certifications, such as CCSP.
