CCIE Security Lab Workbook Volume I

Are you looking to isolate your CCIE lab preparation on an individual topic basis? Tired of spending hours setting up a lab topology? Are you weak on a specific topic like QoS, and want to see what the different variations of its configuration are? Look no further, Internetwork Expert's CCIE Security Lab Workbook Volume I is your key to success!
Internetwork Expert's CCIE Security Lab Workbook Volume I presents the topics covered in the CCIE Security Lab Exam in an easy to follow, goal-oriented step-by-step approach. By isolating each topic on its own you are able to see, firsthand, the various ways to configure each technology, and what the specific implications of a configuration are. By understanding these fundamental operations of the protocols you will be able to predict advanced and sometimes subtle interactions when the various technologies are configured together.

IEWB-SC-VOL1 Content

Below is a list of some of the topics covered in the CCIE Security Lab Workbook Volume I ( IEWB-SC-VOL1):

• PIX/ASA Firewall
• Basic Configuration
• Configuring VLANs and IP Addressing
• Configuring and Authenticating RIP
• Configuring and Authenticating OSPF
• Redistribution, Summarization and Route Filtering
• Access Control
• Common Configuration
• Filtering with IP Access Lists
• Using Object Groups
• Administrative Access Management
• ICMP Traffic Management
• Configuring Filtering Services
• Configuring NAT
• Dynamic NAT and PAT
• Static NAT and PAT
• Dynamic Policy NAT
• Static Policy NAT and PAT
• Identity NAT and NAT Exemption
• Outside Dynamic NAT
• DNS Doctoring with Alias
• DNS Doctoring with Static
• Same-Security Traffic and NAT
• Advanced Firewall
• Firewall Contexts Configuration
• Administrative Context and Resource Management
• Active/Standby Stateful Failover with Failover Interface
• Active/Active Stateful Failover with Failover Interface
• Monitoring Interfaces with Active/Active Failover
• Filtering with L2 Transparent Firewall
• ARP Inspection with Transparent Firewall
• Filtering Non-IP Traffic with L2 Transparent FW
• Handling Fragmented Traffic
• Handling Some Application Issues
• BGP Through the PIX/ASA Firewall
• Multicast Routing across the PIX/ASA Firewall
• System Monitoring
• DHCP Server
• Modular Policy Framework
• HTTP Inspection with MPF
• Advanced FTP Inspection
• Advanced ESMTP Inspection
• Authenticating BGP Session Through the Firewall
• Implementing Traffic Policing
• Implementing Low Latency Queueing
• TCP Normalization
• Management Traffic and MPF
• ICMP Inspection Engine
• VPN
• Common Configurations
• IOS Router and the PIX/ASA
• IOS Router and VPN3k
• GRE and DMVPN
• VPN3k Easy VPN/WebVPN
• IOS Easy VPN
• PIX/ASA Easy VPN/WebVPN
• IPsec LAN-to-LAN
• IOS and the PIX/ASA with PSK
• IOS and the PIX/ASA with PSK and NAT on the Firewall
• IOS and the PIX/ASA with Digital Certificates
• IOS and the PIX/ASA: Matching Name in Certificate
• IOS and IOS with PSK Across the PIX/ASA
• IOS and IOS with PSK Across the PIX/ASA and NAT
• IOS and IOS with PSK Across the PIX/ASA with Overlapping Subnets
• IOS and IOS with PSK Across the PIX/ASA and NAT with IKE AM
• IOS and IOS with Digital Certificates Across the PIX/ASA
• IOS and VPN3k with PSK
• IOS and VPN3k with PSK using CLI only
• IOS and VPN3k with Digital Certificates
• IOS and VPN3k with PSK: Tuning IPsec Parameters
• IOS and VPN3k: Filtering Tunneled Traffic
• GRE and DMVPN
• GRE Tunnels over IPsec with Static Crypto Maps
• GRE Tunnels over IPsec with Crypto Profiles
• DMVPN with PSK
• Easy VPN
• VPN3k and Cisco VPN Client
• VPN3k and Cisco VPN Client with Split-Tunneling
• VPN3k and Cisco VPN Client with HoId-Down Route
• VPN3k and Cisco VPN Client with RRI
• VPN3k and Cisco VPN Client with DHCP Server
• VPN3k and Cisco VPN Client with RADIUS Authentication
• VPN3k and Cisco VPN Client with External Group
• VPN3k and Cisco VPN Client with Digital Certificates
• VPN3k and IOS ezVPN Remote Client Mode with Split-Tunneling
• VPN3k and IOS ezVPN Remote NW Extension Mode with RRI
• IOS and IOS ezVPN Remote Client Mode with Xauth/RRI
• IOS and IOS ezVPN Remote NW Extension Mode with Xuath/RRI
• PIX/ASA and Cisco VPN Client with Split-Tunneling/Xauth/RRI
• The PIX/ASA and Cisco VPN Client with External Policy
• The PIX/ASA and Cisco VPN Client with RADIUS Auth/ACL
• The PIX/ASA and Cisco VPN Client with Digital Certificates
• The PIX/ASA and IOS ezVPN Remote NW Extension Mode
• WebVPN and SSL VPN
• ASA and WebVPN Client
• ASA and WebVPN Port Forwarding
• ASA and SSL VPN Client
• VPN3k and WebVPN Client
• VPN3k and WebVPN Port Forwarding
• VPN QoS
• IOS and the PIX/ASA: Policing the L2L IPsec tunnel
• IOS and VPN3k: QoS for L2L Tunnel
• The PIX/ASA and Cisco VPN Client: Per-Flow Policing
• QoS Pre-Classify for IPsec Tunnel
• Advanced VPN Topics
• Decoding IPsec Debugging Output on VPN3k
• IPsec and Fragmentation Issues
• ISAKMP Pre-Shared Keys via AAA
• IPsec NAT-T: L2L Tunnel with VPN3k and IOS Box
• IKE Tunnel Endpoint Discovery (TED)
• IPsec VPN High-Availability with HSRP
• IPsec High Availability with NAT and HSRP
• IPsec Pass-Through Inspection on the PIX/ASA
• L2TP over IPsec between the ASA and Windows 2000 PC
• VPN3k and PPTP Client
• Using ISAKMP Profiles
• IOS Firewall
• Common Configuration
• Basic Access-Lists
• Reflexive Access-Lists
• Dynamic Access-Lists
• Stateful Inspection with CBAC
• CBAC Port-to-Application Mapping
• Preventing DoS Attacks with CBAC
• CBAC Performance Tuning
• Authentication Proxy with RADIUS
• Content Filtering with IOS Firewall
• Identity Management
• Network Admission Control
• ACS Setup for NAC
• NAC L3 IP With the ASA and Cisco VPN Client
• NAC L3 IP with VPN3k and Cisco VPN Client
• Intrusion Prevention
• Basic Configuration
• IPS Initial Setup
• Configuring Inline VLAN Pair
• Promiscuous Mode Monitoring with RSPAN
• Monitoring IPS with IPS Event Viewer
• Event Processing
• Configuring Event Summarization
• Creating Custom Signature
• Event Counting
• Inline Blocking
• Event Action Override
• Event Action Filtering
• IPS Network Access Control (Shunning)
• Rate Limiting with IPS
• Network Attacks
• Layer 2/3 Attacks
• Mitigating ARP Spoofing Attack with PIX/ASA
• Mitigating DHCP Attacks with DHCP Snooping
• Mitigating ARP Attacks in DHCP Environment
• Mitigating MAC/IP Spoofing in DHCP Environment
• Protecting Spanning-Tree Protocol
• Protecting Against Broadcast Storms
• Mitigating VLAN Hopping Attacks
• Protecting Against Network Mapping
• Blackhole Routing using PBR
• Intrusion Prevention with PIX/ASA

Topology

The physical topology used in the Security Lab Workbook Volume I is identical to that of Internetwork Expert's CCIE Security Lab Workbook Volume II (IEWB-SC-VOL2), and remains the same throughout all labs in the series. This topology can be easily replicated in your home lab with minimal cost and is also supported through our CCIE Security Rack Rentals. See the How to Build a CCIE Rack page for specific information on the devices used.

Authors

At-a-Glance

• The CCIE Security Lab Workbook Volume I is covered by our exclusive Investment Protection Program.
• Free online discussion forum actively monitored by the actual authors of the labs