CCIE SEC

1. Virtual Private Networks [VPN]

Basic VPNs
  • LAN-to-LAN IPSec VPNs [with NAT-T & without NAT-T]
  • GRE, GRE/IPSEC
  • Static Virtual Tunnel Interface [S-VTI]
Advanced VPNs
  • DMVPN
  • GET VPN
  • VRF-Aware VPNs
  • VPNs using Certificates with Router as a CA Server
IKEv2 VPNs
  • D-VTI/S-VTI based Site-to-Site VPN
  • D-VTI/S-VTI based Spoke-to-Spoke using NHRP

2. Firewalls – ASA

Basic Configuration
  • Interface configuration
  • Security Levels
  • Management [Telnet / SSH]
  • Routing [RIPv2, EIGRP, BGP]
  • NAT
    • Dynamic NAT
    • Static NAT
    • Dynamic PAT
    • Static PAT
    • Destination NAT
    • Manual NAT/Twice-NAT
  • Access Policies
Transparent firewall
  • Initialization
  • Access policies/Routing Protocol Access
  • Ethertype ACLs
Redundancy
  • Redundant Interfaces
  • Port-channels
  • Security Contexts [Virtual Firewalls]
  • Failover
    • Active/Standby
    • Active/Active
  • Clustering
    • Spanned mode
    • Individual Interface mode
Deep-Packet Inspection using MPF
  • Tuning the global policy
  • Configuring custom L7 policy
VPNs
  • Site-to-Site IPSec
  • Remote access
    • SSL
    • IKEv2

3. Firewalls – Firepower Threat Defense [FTD]

Basic Configuration
  • FMC & FTD Integration
  • Interface configuration
  • Routing [Static Routing, RIPv2, OSPF, BGP]
  • NAT [Dynamic/Static NAT, Dynamic/Static PAT, Destination NAT, Manual NAT]
  • Access Control Policies – Basic
  • Access Control Policies – Advanced
  • Site-to-Site VPN

4. Content Filtering using WSA & ESA

WSA
  • Initialization
  • Integration with Routers/Switches/Firewall using WCCP
  • Configuring traffic policies
  • Configuring custom categories
ESA
  • Initialization
  • Integration with E-mail servers and DNS
  • Configuring Mail flow policies
  • Configuring outgoing mail filters
  • Configuring incoming mail filters

5. Basic Wireless LAN Configuration

Configuring the base network
  • Configure the switches for the base network
  • Configure DHCP server
WLC Configuration
  • Initialization of the WLC
  • Configuring VLAN interfaces
  • Configuring WLANs

6. Identity Management using ISE

Wired ISE
  • Configuring the relationship between Switch & ISE
  • Configuring Identity groups and users
  • Configuring Dot1x authentication with VLAN assignment and DACL
  • Configuring MAB for IP Phone
Wireless ISE
  • Configuring the relationship between WLC & ISE
  • Configuring Dot1x authentication with VLAN assignment
  • Configuring SXP between ISE, WLC & Firewall to implement filtering using SGT
Device Administration
  • Router/Switch Authentication
  • Router/Switch Exec & Command authorization
  • Router/Switch Accounting

7. Router / Switch Security

Router Security
  • NTP
  • uRPF
  • DHCP server / DHCP Relay Agent
  • Syslog
Switch Security
  • Port-security
  • DHCP snooping
  • ARP Inspection
  • Source guard
  • VLAN ACL