Brian Dennis from Internetwork Expert recently blogged about the Highlights from Cisco’s Recent CCIE R&S “Ask the Expert” Session on Internetwork Expert’s CCIE Blog.
When I read his post I thought it was a fantastic idea! As it turns out, Yusuf Bhaiji, a CCIE Security proctor, did the same thing back in March and April. I remembered reading the NetPro thread and so I thought I would take a cue from Brian and do the same thing here.
I don’t think Yusuf’s thread was nearly as info-rich as the R&S one, but here are the highlights after the jump.
Lab Equipment and Topology
- PIX/ASA is running version 7.2.x. An ASA5510 is good enough to practice on.
- IPS is running version 5.1.x and can be configured in promiscuous or inline mode.
- NAC Framework can be tested on devices such as the switches, VPN3k, etc., although IOS 12.2T doesn’t support it.
- Ethernet is the most widely used media in the lab topology, but Frame Relay WAN (Serial interfaces) is still used as well. It will be pre-configured.
Hardware and Software Changes in the Lab
- There will always be an announcement six months before the introduction of something new.
- NAC Appliance and CSA are being considered.
- MPLS VPN technology is currently tested in the CCIE SP track and currently there are no plans to add this into the CCIE Security track.
- ISRs and an IOS upgrade are in the works for an upcoming “phase 2 update”.
- Since the VPN3000 concentrator is EOS (end of sale), it is very likely to be removed from the CCIE lab exam.
Routing Configuration
- Advanced Routing features such as filtering, summarization, etc. are no longer core objectives, and are tested mostly on the written exam.
- Routing & switching is pre-configured on all devices except the security devices.
- Routing functions are tested on the security devices only.
- All aspects of routing on security devices can appear on the exam, but the emphasis is NOT routing. These will appear merely to complete an exercise.
Troubleshooting
- Troubleshooting problems are most likely to occur within the pre-configuration. The security devices don’t have any real configuration on them beyond the basics like hostname. Thus, there’s no point in troubleshooting a security device with no config.
- Troubleshooting is mainly focused on FUNCTIONALITY. For example, there will be a broken scenario, like an IPsec LAN-to-LAN setup that is pre-configured but NOT working. You will be required to identify and fix the problem end-to-end and ensure the setup is working.
- The issue can be related to the IPsec config, or even to non-IPsec config within the pre-configuration.