Hello everybody,

as promised before, we posted the initial update to our Security Workbook VOL1 matching new new CCIE Security v3.0 blueprint. It covers the "ASA Firewall" section of the lab exam blueprint and contains 50 technology focused mini-scenarios. All customers with active subscription to the existing version of IEWB-SC VOL1 should see the new material under their members site accounts. The new content has been rewritten from scratch, with the task wording changed along with breakdowns, comments and explanatins added. You will see the mini-labs presented in "challenging" format, matching our new philosophy for the updated line of CCIE products. Of course, there are new scenarios covering the updated CCIE Security lab blueprint. If you are wondering why we jumped from version 3.2 to v5.0, there are few good reasons. Firstly, it symbolizes the unified design philosophy of our RS and SC products as the most recent version of RS products is v5.0. Secondly, you should remember how they jumped to IPv6 from IPv4. We thought that's a good idea too. And last, but not least - Cisco did the same trick to their line of unified communication products! ;)

Finally, Here is the list of topics covered in this update. The highlighted topics correspond to the completely new scenarios added to the section. Notice however, that all other tasks have been completely updated as well! Happy studying!

ASA Firewall
VLANs and IP Addressing
Advanced Routing
IP Access-Lists
Object Groups
Administrative Access
ICMP Traffic
URL Filtering
Dynamic NAT and PAT
Static NAT and PAT
Dynamic Policy NAT
Static Policy NAT and PAT
Identity NAT and NAT Exemption
Outside Dynamic NAT
DNS Doctoring using “Alias”
DNS Doctoring using “Static”
Fragmented Traffic
IDENT Issues
BGP across the Firewall
Stub Multicast Routing
PIM Multicast Routing
Network Time Protocol
System Logging
Filtering System Logs
SNMP Monitoring
DHCP Server
HTTP Traffic Inspection
FTP Traffic Inspection
SMTP Traffic Inspection
TCP Inspection
Management Traffic Inspection
ICMP Traffic Inspection
Threat Detection
Un-Stealthing the Firewall
Traffic Policing
Low Latency Queuing
Traffic Shaping
Hierarchical Queuing
Transparent Firewall
ARP Inspection
Ethertype Access-Lists
Transparent Firewall NAT
Firewall Contexts
Firewall Contexts Routing
Firewall Contexts Classification
Resource Management
Active/Standby Failover
Active/Active Failover

Petr Lapukhov, 4xCCIE/CCDE
About Petr Lapukhov, 4xCCIE/CCDE

Petr Lapukhov has more than 12 years of experience working with Cisco Systems products. Not only is he the only person in the world to have earned four CCIEs (Routing & Switching, Security, Service Provider, and Voice) in just two years, he also passed every exam the first time. He shares his knowledge and experience with INE’s students through our various products and programs. Petr works with all of the technologies covered within his four CCIE tracks on a daily basis, staying current with any changes in the industry. He has also received his Cisco Certified Design Expert (CCDE) certification, joining a small group of distinguished individuals who have achieved this status. Petr is a contributor to INE’s blog and our INE IEOC Community Forum. You may contact Petr Lapukhov at

Subscribe to INE Blog Updates

New Blog Posts!