By now you have no doubt seen the update to the CCIE Security Lab that is set to debut around April of 2009. Most probably you received an email from Cisco Career Certifications and Training – or maybe you received an email from a study partner. In either case, you probably jumped over to the Cisco CCIE website and saw the list of updated blueprint topics here: http://www.cisco.com/web/learning/le3/ccie/security/lab_exam_blueprint_v3.html .
But when we break down what we see here – what do we really have that we need to study that is new from the 2.0 blueprint?
Actually – a whole lot. You see, while the lab blueprint often tells us specific technologies, it often doesn’t give us the whole story of what can be nested within said technology. While some of these are major changes (new studies), some are certainly not as major. There are a couple listed here (not but a few) for which it could be argued whether or not they will actually show up on an exam, such as the ASA Phone Proxy (but then again it is on a FW, and you don’t expect the Voice guys to know it, would you? Just kidding, Voice guys, I am one of you ;-)). But at least knowing that they are there and where to find them on the Documentation web site is always helpful, since they fall in that grey area where proctors say “if it can be found in the IOS/software/hardware, it is a testable topic”. Yeah – like they are going to test me on DLSW+ since it is in 12.4T. Man, I hope not. Been a long time since I played with DLSW way back in 2002.
Anyway, I digress.
Let’s try and break this down by hardware device to get a better idea of what we need to be studying (specifically) that has changed from Sec BP ver2.0 and where:
ISR Routers / IOS:
- Zone-Based CBAC
- Stateful CBAC Failover
- CBAC Ingress Rate and Session Policing
- CBAC Trusted Relay Point
- ACL Object Groups
- SSL VPN
- GET (Group Encrypted Transport) VPN
- DMVPN with Dynamic QoS per Spoke
- VRF aware DMVPN (though I seriously doubt this one would be in the Security exam – more like SP)
- EasyVPN with DVTI (Dynamic Virtual Tunnel Interface)
- EasyVPN with Dynamic FW Push to Clients
- Easy VPN integration with LDAP (Uhhh, can you say “The ACS server is now an AD server as well”?)
- L2L VPN with DVTI and QoS
- HA Stateful NAT
- NAT Optimized Media Paths
- CA PKI Server (yep that’s right – the router is now the CA Server)
- Transparent IOS IPS (can you say “back to bridging? Good, I knew you could”, said in a Mr. Rogers voice)
- Control Plane Security (These next three are basically QoS for the router itself – fun!)
- Management Plane Security
- Routing Plane Security
- Route Filtering (Fun, fun, looks like the lab is a bit back to v1 with controlling routes!)
- CPU Protection Mechanisms
- ACL Syslog Tagging Correlation
- NAC Framework Support (now in routers too! But seriously – not NAC Appliance?? Oh well)
ASA 8.0
- VPN DAP (Dynamic Access Policies)
- EasyVPN Per Client Tagging for direction to different egress VLANs
- Transparent FW support for NAT
- Support for Redundant Physical Interfaces
- Traffic Shaping
- SSL VPN (this isn’t new but GREATLY enhanced)
- LDAP Integration
- EIGRP Support
- Smart IPSec Tunnels
- Auto Sign-On with Smart Tunnels for IE (how smart can they be if they only work for IE?)
- Phone/Mobility/Presence Proxy (hmmm – maybe – dunno?)
IPS
- Multiple Sensor Engines
- Inline Asymmetrical IPS Intrusion Prevention
- Newly Modified GUI Interface and Startup Wizard
General
- New RFCs (3330, 3704) (Hmmm – do they REALLY expect me to memorize ALL of the networks in 3330?)
So, how does this change all of our existing Security products?
Well, let me dive into that with you.
- Our existing Video on Demand series will be completely scrapped and newly recorded following our highly acclaimed R/S and Voice Video on Demand tracks in 720p HD video along with Exercises.
- Closely following this will be the Audio on Demand Series – also completely new from the ground up.
- Our Workbook Volume 1 will undergo a significant restructuring. Obviously many aspects of the existing technology in our WB remain testable and only gain a number of enhanced facets, so many changes and additions will go into the restructuring. A number of new sections will of course be added as well to cover the new technologies being tested.
- Our Workbook Volume 2 will undergo significant changes in that older hardware-specific tasks will be removed (3550, VPN3k, PIX); replacing and adding significantly to them will be all of the new technology mentioned above. Of course all existing questions will also be overhauled to include all of the new facets of the enhanced technology. In short – Volume 2 will look completely different as well.
- We will launch a Workbook Volume 3 that follows the model of our other tracks (R/S, Voice) that includes many brand new labs along with Video Walk-Through solutions recorded in 720p HD. These videos will walk you through every aspect of the lab configuration as well as testing and in-depth troubleshooting.
All of these will of course be delivered in our custom in-house designed “BLS” Flash-Driven UI on our customized 120GB USB-powered HDDs.
Look for these updates to come to market very soon. We will be releasing these Volumes as they are updated so that you can begin your studying as soon as possible. Also stay tuned as we begin vLectures on many of these topics in the upcoming months so that you can get a jump on your studies before the actual new lab rolls out in April.
That’s a cool announcement! Do you deliver the new content automatically to Security BLS owners?
Great question. The Version 3 interface will allow for automatic push and pulls from a secure IPexpert server – therefore all updates will be sent / pulled and the hard drive will be updated to reflect the latest content. Again, though – it’s our V3 interface which is estimated to be available in the summer of 2009.
Sounds great to me. How will the updated content be distributed before this system is available?
I got a boot camp @IPexpert in July, lab in August. So, I should study “a little” bit.
simonbaumann – the updated content will be distributed via hardcopies and / or electronic copies depending on what you purchased and what your preference is (just like we’ve been doing for the past few years). Thanks! – Wayne
Thanks for the information, Wayne!
Spotted the version 3 blueprint this morning so thanks for the update. I have my lab scheduled 27th March 09, and realise I’m on the cusp of v2 to v3 changes. I have the IPexpert Self study kit with proctor guide audio boot camp and video on demand. Am I in danger of focusing my studies in the wrong direction or having out of date literature?
@Stuart,
Not in danger of anything. The v3 lab BP is a superset of v2 – meaning you can start studying v2 material and be right on track to begin studying v3 material (and any changes therein) as soon as we release it. And as always we will release each Volume as we get it updated so that you don’t have to wait for all Volumes to be updated before getting the materials in your hands. They should be releasing in the next few months – well before your lab date.
-Mark
That’s great, Mark. Thanks for the reassurance. – Stu
If I buy the CCIE Security Lab ‘Blended Study’ package today for $999, and begin the courseware, will I get the updated volumes at no charge as they arrive?
Also – I’m a CCSP, so I don’t know IE level stuff – all the packages for sale are for the LAB, does anything cover the written part, or is that included and I am just missing something?
I’m looking to buy one product and migrate from CCSP to CCIE Security over 6 to 12 months.
Any help is appreciated from anyone.
Thanks
Austin
Austin,
you are in nearly the same position as I am. I’m also preparing for the Lab, with a CCNP and CCSP as background. The IPexpert BLS is focused on the Lab exam only.
Your CCSP is a solid background for the CCIE Security written. I would recommend this book ISBN: 978-1587052460 for the written exam.
Hi
I am also CCSP and never used any of IPExpert study material before. Now I am thinking to take CCIE Security Written followed by CCIE Security Lab exam.
I am concerned about Lab equipment requirements, for example:
How many ASA5500 boxes ? What model? What Licence type?
Do I need IPS boxes or one with ASA5510-AIP10-K9 is enough to do the same job?
What switches do I need and how many of them?? for example 3550 or 3560??
How many routers? I have 9x 2600XM series with 124/32 memory. Are they enough?
I am willing to buy End-to-End CCIE Security package but I am in process of building my lab. But I am unable to make a decision about the ASA5500 box. So someone from IPexpert could advise me about them. Another thing I have also noticed is that PIX 515E with failover can do the same job because it can run the same ver 8.x and ASDM 6.x codes unless you really be tested on SSM-AIP and SSM-SCS modules. Can someone please explain about it too?
Thanks
JLee