CCIE Security: Mock Lab #1

I am so grateful for all of you supporting me, and what better way to give back than by giving you all a Mock Lab?

First draft of the Topology can be found here and I will work as hard as I can to have the finished topology and workbook/questions ready.

All of it can be built in EVE-NG / GNS3, but it is even better if you have some physical equipment (for ASA Cluster and Catalyst Dot1x).


  • FlexVPN Hub-Spoke
  • Site-to-Site IKEv1
  • Clientless SSL VPN
  • AnyConnect VPN
  • PKI
  • Dot1x
  • MAB
  • Securing Routing Protocols (BGP and EIGRP)
  • Firepower/FTD/NGIPS
  • ASA A/S
  • ASA A/A (Requires either physical ASA or ASA8.2 image for GNS3)
  • ASA Cluster (Requires physical ASA)
  • TrustSec
  • WCCP
  • WSA

CCIE Security V5 Mock Lab Topology


Please comment below if you like the Mock Lab or something should be changed.


8 thoughts on “CCIE Security: Mock Lab #1”

  1. Hi Henrik, good Mock!! One question: are the devices fully reachable in the default config? I mean, can PC3 reach PC4 with the default routing protocols that you configure? Thx. Giovanni

      1. Ok, but in your lab do you configure them to reach each other, or does every segment / routing domain work independently? Thanks
