
Explore the ccie security asa 9.6.1 deep dive course, covering asa fundamentals, static, default, and dynamic routing (rip, ospf, is-is, bgp), nat, vpn types, failover, clustering, and ipv6.
Discover the physical topology of our lab used for practical sessions, detailing switches and legacy Windows 7 PCs with Microsoft Exchange Server 2003.
Explore stateless and stateful packet filtering fundamentals using access lists on Cisco ASA, detailing standard, extended, named, and time-based lists, plus dynamic and reflexive options, and outlining advantages and drawbacks.
Discover how a proxy server acts as an intermediate system between users and the internet, filtering access by categories like search engines and gaming sites and enforcing organization policy.
A stateful firewall tracks the connection state in a state table. It forwards packets to destinations and matches replies against the state table, dropping unmatched ones.
Explore transparent firewall concepts, a layer 2 device that forwards frames by destination like a bump in the wire, enabling inside-outside traffic with replies allowed and requests blocked by default.
Learn the basics of ASA 9.6.1 with hands-on lab steps: console access, interface configuration, security levels, and enabling passwords, plus SDM, backups, and upgrades.
Understand routing as the process of transferring a packet from one network to another by configuring IP addresses and forwarding packets to the next hop based on the destination.
Master first rule of routing: if the destination is in the same subnet, forward packet after ARP resolves destination MAC. See how switches learn MAC addresses and ICMP ping works.
Discover how the second rule of routing forwards packets to the default gateway when destinations are outside the same subnet, using ARP to resolve the gateway MAC and complete delivery.
Explore default routing for stub routers with a single exit point, reducing routing table size, forwarding unknown destinations to the ISP, and noting loop risks.
Learn how dynamic routing uses routing protocols to automatically learn and share network routes among routers, solving static routing's scalability limits and enabling scalable, neighbor-based route synchronization.
Learn how dynamic routing protocols automatically exchange route information between branches, learn networks, and forward packets using IP addressing. Explore the two routing protocol types, interior and exterior gateway protocols.
Explore distance vector routing protocols and how hop count drives route selection. Examine direct connections versus multi-hop paths, periodic updates, and routing tables with neighbor routers, including RIP and IGRP.
Explain how link-state routing protocols update based on the link state, sending updates when a link comes up or goes down, with sequence numbers tracking changes and two protocol types.
Explore how the enhanced distance vector routing protocol modifies a distance vector algorithm, blends incremental updates with link-state features, and is branded by Cisco as an enhanced distance vector.
Explore classful and classless addressing concepts, including how IP addresses use A, B, C classes, 16- and 24-bit boundaries, and slash notations like /24 and /30, with practical examples.
Compare classful and classless routing protocols, noting that classful protocols do not send subnet mask information, while classless protocols include subnet mask information in updates with the network ID.
Explain how metric indicates route quality and why lower metrics are preferred, as different routing protocols apply distinct metrics to choose path, including composite metrics with cost and BGP attributes.
Explore administrative distance as the trust metric routers use to evaluate routes from different protocols, where lower values like 0, 1, OSPF 110, ISIS 115, and BGP 20 win.
Explore convergence time in routing protocols and how to summarize a set of /24 networks into a single aggregate, such as 192.168.0.0/21, to reduce routing entries.
Learn how to configure static routing and a default route on the ASA, linking inside and DMZ networks to the outside interface and ISP, with DMZ ACLs and static routes.
This lecture introduces RIP, an interior gateway distance-vector routing protocol using hop count as its metric, port 520, and a max of 15 hops, with classful defaults and multicast updates.
Learn how route poisoning prevents routing loops by advertising an unreachable route with an infinite metric of 16, illustrated through a simple RIP network diagram.
Explore poison reverse in routing protocols. A router updates its routing table and sends poison updates with a 16 metric back to its neighbor to prevent routing loops.
Learn the split-horizon rule in distance-vector routing, preventing updates from being sent back on the receiving interface, illustrated with RIP updates across 192.168.x.x networks.
Explore how RIP timers manage route validity, hold time, and updates, showing when invalid routes are flushed or retained until updates reset timers.
Configure rip across four routers, assign ip addresses, and enable rip with passive interfaces. Redistribute static routes, filter with distribute lists, implement authentication, verify configurations, and originate default information.
Explore the protocol dependent model and its PDM component, which supports different routed protocols beyond IP, such as IPX, and explains how routing protocols exchange route information between routers.
Explore the RTP reliable transport protocol for DRP messages. Learn the five message types: hello, update, query, reply, and acknowledgment, and how they travel via multicast or unicast.
Learn how EIGRP selects the successor route by calculating metrics from neighbor distances, comparing paths, and identifying the best route to reach a destination.
Demonstrate the EIGRP feasible distance concept and how the distance metric selects the best route from multiple paths, using a logical diagram to identify the successor.
Explore feasible successor concepts in EIGRP, distinguishing physical and feasible successors, and learn how advertised distance, feasible distance, and neighbor metrics determine backup routes.
Explore input events that can change the routing database, illustrated by interface failure triggering routing table updates and the need to select alternative paths.
Explore local completion in EIGRP: when a successor fails, feasible and physical successors forward traffic, and the router queries neighbors to reestablish routes, enabling load balancing.
Explore going active in EIGRP, where a router with a failed successor queries neighbors to recover routes and update the routing table.
Understand incremental updates in EIGRP, sent only when the topology changes, and multicast updates, then how equal-cost load balancing uses a multiplier to include multiple routes based on metrics.
Explore how EIGRP builds neighbor, topology, and routing tables, and how successor and feasible successor routes determine internal and external paths.
Explore EIGRP neighborship requirements under DRP, including the five K values for metrics, default use of bandwidth and delay, and options for authentication and static neighbor membership.
Learn the introduction to EIGRP modes, distinguishing active and passive states and how routers handle a downed successor with or without a feasible successor.
Explore the composite metric for eigrp, its five k-values (bandwidth, delay, reliability, load, mtu), and the associated metric formula for ccie security asa 9.6.1 deep dive labs.
Explore EIGRP stub router introduction and how it limits query scope to a single exit-point router, preventing unnecessary updates from propagating to nonstub neighbors.
OSPF is an interior gateway, link-state routing protocol that uses IP protocol 89, sends multicast hello messages to neighbors, and shares subnet mask information to build accurate routes.
Explore ospf tables and messages by examining the neighbor table, database descriptor, and routing table, and review the five ospf messages: hello, database descriptor, link state request, update, and acknowledgement.
Explore the OSPF states from down to full, including init, two-way, exstart, exchange, and loading, and see how frame relay NBMA networks require manual neighbor configuration and master–slave election.
Identify OSPF areas as logical groupings of routers, with area 0 as the backbone. Regular areas must connect to the backbone, and up to 4.2 billion areas can exist.
Explore OSPF priority and hello mechanisms, detailing the default and maximum priority values and how a zero priority prevents a router from participating in the election.
This lecture explains the roles of the designated router and backup designated router in an OSPF multi-access network, including how a router becomes the designated router.
This lecture covers OSPF DR and BDR requirements, emphasizing the default priority of 1 and selecting the highest Lubeck IP, then the highest physical interface IP, with manual configuration options.
Explore how OSPF uses the cost metric to select the best path, with lower costs preferred. Learn the cost formula, usually 100 Mbps divided by link bandwidth for routing decisions.
Explore OSPF network types, including non-broadcast, point-to-point, point-to-multipoint, and broadcast. Learn how open standard and Cisco-specific options apply to fully mesh and hub-and-spoke topologies.
Explore how OSPF network types broadcast, point-to-point, point-to-multipoint, and non-broadcast affect hello and dead intervals, neighbor adjacency, and DR/BDR elections.
Identify OSPF router types: internal routers with interfaces in a regular area, backbone routers in area zero, ABRs linking backbone to regular areas, and ASBRs connecting to external domains.
Explore OSPF area types, including standard and stub areas, and how they affect routing table size. Learn how LSA types 7 and 5 handle external routes and default routes.
Explains OSPF backbone requirement, how all regular areas must connect to the backbone, and when to use virtual links to maintain connectivity across multiple areas.
Explore OSPF authentication types, including null, plaintext, and MD5, and identify how summarization types apply in CCIE security labs.
Explore OSPF route types, including type 1 and type 2, and how internal costs propagate or don’t in areas and external routes. Learn how metric types drive best-path selection.
Explore the OSPF seed metric and its default value of 20 as the starting point for redistribution. Learn area zero as the backbone and stub areas in OSPF.
Explain the OSPF neighborship requirements and how hello packets influence neighbor discovery and adjacency. Discuss subnet mask and MTU considerations that affect OSPF neighbor compatibility.
Dive into configuring OSPF in a CCIE Security ASA 9.6.1 lab, building areas 1 through 4, creating virtual links, enabling authentication, and redistributing routes.
Explore border gateway protocol (BGP) as an exterior gateway protocol and classless vector routing protocol, understanding route selection based on path across autonomous systems.
Learn the BGP message types—open, keepalive, update, and notification—and how they establish, maintain, and reset BGP neighbors, including open message contents, hold time, router ID, route attributes, and metrics.
Explore BGP tables, including the neighbor table, BGP table, and routing table, and understand BGP states from idle to established via the three-way handshake and open messages.
Explore next hop self in BGP and how it affects advertising, redistribution of external routes, and default next hops between IBP neighbors.
Explore how route reflector clients in iBGP enable route exchange between neighbors and prevent loops. This lab demonstrates configuring a route reflector and reflecting routes across clients.
Explore how ebgp multihop increases ttl so not directly connected routers can form ebgp sessions across multiple hops.
Explore how BGP max-path controls path selection: by default only one best path is used; learn to enable load balancing by configuring max-paths (1-4 or higher).
Learn how to establish a BGP neighbor using update source, choosing loopback IPs for peering, and apply update force to ensure neighbor reachability when interfaces fail.
Explore how BGP redistributes interior gateway protocols to BGP and the constraints that BGP to IGP redistribution is not allowed, requiring BGP redistribute internet for inter-domain routing.
Learn how to summarize multiple BGP routes using aggregation to create a single aggregate, control which routes are advertised to neighbors, and understand MD5 authentication for BGP.
Configure BGP in the ASA 9.6.1 lab by setting up interfaces with IP addresses, enabling IPv4 unicast, and establishing neighbor sessions, then verify with show commands.
The Cisco ASA Family of security devices protects corporate networks and data centers of all sizes. It provides users with highly secure access to data and network resources - anytime, anywhere, using any device. Cisco ASA devices represent more than 15 years of proven firewall and network security engineering and leadership, with more than 1 million security appliances deployed throughout the world.
This course will help you learn and master Cisco Adaptive Security Appliance (ASA). The course is focused towards CCNP and CCIE Security.
CCIE Security ASA 9.6.1 Deep Dive: Labs Contents in brief:
Fundamentals of ASA
Implementation of ASA Basics
Implementation of IPv4 Static Routing on ASA
Implementation of IPv4 Default Routing on ASA
Implementation of RIP on ASA
Implementation of EIGRP on ASA
Implementation of OSPF on ASA
Implementation of IS-IS on ASA
Implementation of BGP on ASA
Implementation of OSPFv3 on ASA
Implementation of IPv6 Static Routing on ASA
Implementation of IPv6 Default Routing on ASA
Implementation of SLA on ASA
Implementation of NAT on ASA
Implementation of CTP on ASA
Implementation of Site-Site VPN on ASA
Implementation of Remote Access VPN on ASA
Implementation of SSL VPN on ASA
Implementation of VPN Load balancing on ASA
Implementation of Transparent Firewall on ASA
Implementation of Context on ASA
Implementation of Active-Standby Failover on ASA
Implementation of Active-Active Failover on ASA
Implementation of Active-Standby Failover on ASA with IPv6
Implementation of Active-Active Failover on ASA with IPv6
Implementation of Clustering on ASA with IPv4
Implementation of Clustering on ASA with IPv6
Implementation of MPF on ASA
Implementation of NAT IPv6 on ASA
Implementation of Site-Site VPN on ASA with IPv6
Implementation of SSL VPN on ASA with IPv6
Implementation of EIGRP on ASA in Multiple Mode
Implementation of OSPF on ASA in Multiple Mode
Implementation of IS-IS on ASA in Multiple Mode
Implementation of BGP on ASA in Multiple Mode
And much more...