Hi everyone,

as promised before, updated Security VOL2 Lab1 has been posted to all subscribed members accounts. The new lab features completely new diagram (I hope you guys like it ;) and significants updates to its contents. Alongside with removing the PIX and VPN3k sections we've added tasks covering such topics as IPsec VTI, Zone-Based Firewall, IPS virtual sensors/VLAN groups, ASA reliable static routes, 802.1x authorization and a few more goodies to this lab. The updated content should be less "crazy hard" than its v3.0 predecessor and better mimic the difficulty of the real exam. Still, it was designed to be *harder* than the real stuff, just to make sure you don't relax too much and don't let your guards down ;) Anyways, enjoy the first update in the series! We plan to post updates periodically and finish the whole process in June.

For you CCIE-RS folks waiting for the BGP section to be posted. Our apologies for the delay, we're working to get it done ASAP. The section appears to be bigger than we estimated before, and it may take an extra week to finish it. We'll try to make an intermittent update by the end of this week, covering at least some of BGP Section tasks. Thank you for your patience!


Hello everybody,

as promised before, we posted the initial update to our Security Workbook VOL1 matching new new CCIE Security v3.0 blueprint. It covers the "ASA Firewall" section of the lab exam blueprint and contains 50 technology focused mini-scenarios. All customers with active subscription to the existing version of IEWB-SC VOL1 should see the new material under their members site accounts. The new content has been rewritten from scratch, with the task wording changed along with breakdowns, comments and explanatins added. You will see the mini-labs presented in "challenging" format, matching our new philosophy for the updated line of CCIE products. Of course, there are new scenarios covering the updated CCIE Security lab blueprint. If you are wondering why we jumped from version 3.2 to v5.0, there are few good reasons. Firstly, it symbolizes the unified design philosophy of our RS and SC products as the most recent version of RS products is v5.0. Secondly, you should remember how they jumped to IPv6 from IPv4. We thought that's a good idea too. And last, but not least - Cisco did the same trick to their line of unified communication products! ;)

Finally, Here is the list of topics covered in this update. The highlighted topics correspond to the completely new scenarios added to the section. Notice however, that all other tasks have been completely updated as well! Happy studying!

ASA Firewall
VLANs and IP Addressing
Advanced Routing
IP Access-Lists
Object Groups
Administrative Access
ICMP Traffic
URL Filtering
Dynamic NAT and PAT
Static NAT and PAT
Dynamic Policy NAT
Static Policy NAT and PAT
Identity NAT and NAT Exemption
Outside Dynamic NAT
DNS Doctoring using “Alias”
DNS Doctoring using “Static”
Fragmented Traffic
IDENT Issues
BGP across the Firewall
Stub Multicast Routing
PIM Multicast Routing
Network Time Protocol
System Logging
Filtering System Logs
SNMP Monitoring
DHCP Server
HTTP Traffic Inspection
FTP Traffic Inspection
SMTP Traffic Inspection
TCP Inspection
Management Traffic Inspection
ICMP Traffic Inspection
Threat Detection
Un-Stealthing the Firewall
Traffic Policing
Low Latency Queuing
Traffic Shaping
Hierarchical Queuing
Transparent Firewall
ARP Inspection
Ethertype Access-Lists
Transparent Firewall NAT
Firewall Contexts
Firewall Contexts Routing
Firewall Contexts Classification
Resource Management
Active/Standby Failover
Active/Active Failover


Hello everyone,

We know that many of our CCIE Security customers are waiting for the updates of IEWB-SC VOL1 (technology labs) and VOL2 (full-scale labs). Like we mentioned before, the first update (about 50 ASA Firewall focused labs) is coming on the last week of March. Just to warm up your appetite, here is a small excerpt of the updated workbook (the final edition of VOL1 might look slightly different, but the teaser would give you a general idea of the workbook style):

IEWB-SC VOL1: ASA Firewall Teaser

In addition to covering the new blueprint topics, updated VOL1 will include all relevant labs from the previous release rewritten to match our new standards. Of course, per our Investment Protection program, all owners of the current VOL1 version will get the updates absolutely free of charge. For more information on IEWB-SC products and updates, please refer to the following links:

IEWB-SC VOL1 (Technology Labs)
IEWB-SC VOL2 (Full Scale Labs)
Migrating to CCIE Security v3.0 Blueprint

Oh, just in case if you’re wondering about IEWB-SC VOL2 updates, we plan to start releasing them on 2nd week of April!

Subscribe to INE Blog Updates

New Blog Posts!