CCIE Security v4 Lab Training – Day 1

Journal writing and note taking are key to my mastery of new subject matter. Here I will be sharing my note-taking as I master CCIE Security. I hope you enjoy the content (especially if you are also studying for CCIE Security) and perhaps it will inspire your note-taking efforts.

Videos: Class Video 1 – Basic ASA – record date 3/5/2015


  • There are sections of the lab exam that are independent – for example VPN, WSA
  • DO NOT REMOVE ANY INITIALS, MODIFY THEM – for example, existing access lists
  • In the first hour of the lab exam – be sure to verify access to all devices
  • Trust diagrams and the exam paper – DO NOT trust initial configs – intentionally introduced errors abound
  • ASAs do not do CDP or ISL
  • Remember, nameif is case sensitive, follow the exact case in the question
  • Reliability tracking:
sla monitor 1
sla monitor schedule 1 ...
track 10 rtr 1 reachability
route outside 0 0 track 10
  • Subinterface config:
int gi0/0
no shut
int gi0/0.220
vlan 220
ip address ...
nameif ... 
security-level ...
  • 8.2 vs 8.6 – 8.6 does NAT first then access-list, so addresses referenced are private

Practice Labs:

  • Task 1: VLANs and IP Addressing
  • Task 2: Configuring RIPv2
  • Task 3: Configuring OSPF
  • Task 4: EIGRP
  • Task 5: Advanced Routing


One thought on “CCIE Security v4 Lab Training – Day 1

Leave a Reply

Your email address will not be published. Required fields are marked *