• Candidates that need to acquire their CCIE Security certificate.
• Network engineers/designers that need to raise their knowledge to an expert-level.

Day 1 - Cisco ASA

• Theory and basic configuration
• Routing protocols on ASA
• ASA management
• Network address translation
• Basic Modular Policy Framework (MPF)
• Advanced protocol inspection (FTP, HTTP, ICMP, SMTP, IM, DNS)
• ASA virtualization
• Failover (A/S, A/A)
• Interface redundancy
• Transparent firewall
• Quality of service (LLQ, Policing, Shaping)
• SLA
• IP Services on ASA
• URL filtering and ActiveX blocking
• ASA troubleshooting

Day 2

1) Site to Site VPN

• Site to Site VPN (IOS, ASA)
• IOS Certificate Authority
• Site to Site VPN using PKI
• VPN hairpinning
• Easy VPN (IOS, ASA)
• VPN using ISAKMP Profiles
• GRE over IPSec
• DMVPN Phase 1
• DMVPN Phase 2 (with EIGRP, OSPF)
• DMVPN Phase 3 (with EIGRP, OSPF)
• DMVPN Phase 2 Dual Hub (Single and Dual Cloud)
• GET VPN (PSK and PKI)
• GET VPN COOP

2) Remote Access VPN

• Easy VPN (IOS and ASA)
• Cisco VPN Client (PSK and PKI)
• IOS SSL VPN
• Clientless SSL VPN
• AnyConnect SSL VPN
• Cisco Secure Desktop
• L2TP

3) Advanced VPN Features

• High-Availability VPNs and VTI
• Reverse Route Injection (RRI)
• VPN Load Balancing
• Intra-Interface VPN Traffic
• NAT Transparency
• Split Tunneling
• QoS for VPNs

Day 3

1) IPS

• Sensor initialization and basic setup
• Promiscuous mode
• Inline mode
• Inline VLAN Pair mode
• VLAN Groups (Inline & Promisc)
• Traffic flow notification
• Signature tuning
• Building custom HTTP signature
• Building custom String signature
• Building custom ATOMIC IP signature
• Using META signatures
• IPS blocking
• IP Logging
• Application policy enforcement
• Configuring Rules
• Configuring Anomaly Detection
• Configuring Virtual Sensors

2)Identity Based Network Services

• Configure Cisco Secure ACS
• Configure RADIUS and TACACS+ security protocols (AAA)
• ASA Cut-thru Proxy
• Router Cut-thru Proxy
• Configure certificate-based authentication
• 802.1X Authentication
• Authentication without 802.1X
• Guest and Restricted VLANs
• MAC authentication bypass
• Web Authentication Proxy
• 802.1X Dynamic VLAN Assignments

Day 4

1) Securing the Control Plane

• Control Plane Policing (CoPP)
• CCPr and Port Filtering
• CPPr and Queue Thresholding
• Routing Protocol Protection
• CPU and Memory Threshold Notification
• Protect against fragmentation attacks
• Protect against malicious IP option usage
• Protect against network reconnaissance attacks

2) Securing the Management Plane

• Securing management services
• Role-Based Access Control
• Cisco IOS Management Plane Protection (MPP)
• SNMPv3
• NTP
• SYSLOG

3) Securing the Data Plane

• Traffic Filtering using Access-Lists
• Dynamic access lists
• Reflexive access lists
• Time-based access lists
• Packet filtering using MQC
• Implementing security RFCs (RFC1918/3330, RFC2827/3704)
• Black Hole and Sink Hole solutions
• RTBH filtering (Remote Triggered Black Hole)
• TCP Intercept
• Protect against Smurf attacks
• CAR
• NBAR
• NetFlow
• uRPF
• Cisco IOS Flexible Packet Matching (FPM)
• NAT and PAT
• IOS Classic Firewall (CBAC)
• Zone-Based Policy Firewall (ZPF)
• IOS IPS

3) Advanced L2 Security

• VLAN Access Lists
• Private VLANs
• Mitigating DHCP Server Attacks
• Mitigating ARP Spoofing Using DAI
• Examining IP Source Guard
• Port Security
• Preventing L2 packet storms
• Protect against VLAN hopping attac

Day 5

• 8+ hours mock lab with all technologies