Black Box EncrypTight Appliance Trim Kit User Manual
Policy Design Examples
212 EncrypTight User Guide
In ETEMS, configure the interfaces for both PEPs, then click the Features tab and do the following:
1. Select Layer 2:Ethernet for the Encryption Policy Settings.
2. Clear the Enable EncrypTight checkbox.
To set up the encryption policy between the two PEPs, click the Policy tab for each PEP and make the
selections as described in Table 53. Make sure that you use the same key for both PEPs.
Once the PEP configurations have been saved, push the configuration to the remote PEP first, and then
push the configuration to the local PEP. For more information about creating Layer 2 point-to-point
policies, see the Configuration chapter for your PEPs.
Layer 2 Ethernet Policy Using VLAN IDs
This example shows a more complicated Layer 2 Ethernet policy encrypting traffic using specific VLAN
IDs. Figure 83 shows a collection of networks for a company with a central headquarters and two branch
offices. The company has a partner that needs access to specific company data, but does not need access
to the branch offices.
Traffic between the headquarters and the branches is assigned a VLAN ID tag. This assures that
communications between headquarters and the branches are not accidentally broadcast to other parties,
such as the partner. Meanwhile, traffic between the partner and the partner portal server is assigned a
different VLAN ID tag.
Finally, for added security all traffic not using one of the designated VLAN ID tags is discarded.
In this case, three separate policies need to be created:
- One Layer 2 Mesh encryption policy for traffic between the headquarters and each individual branch, using VLAN ID 10
- One encryption policy for the traffic between the partner and partner portal server, using VLAN ID 20
- One drop policy that discards all traffic not using one of the specified VLAN ID tags, which is assigned a lower priority than the other policies
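The following is an added illustration, not part of the EncrypTight guide or of ETEMS: a small Python model of the three-policy set above, run over constructed 802.1Q frames. It parses the 12-bit VLAN ID out of the tag, evaluates policies in priority order, and compares the intended ordering (drop policy lowest) with a misordering in which the drop policy is evaluated first. The policy names, priority numbers, the rule that a larger priority value is evaluated first, the fail-closed default when nothing matches, and the MAC addresses are all assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


@dataclass(frozen=True)
class Policy:
    name: str
    action: str             # "encrypt" or "drop"
    vlan_id: Optional[int]  # None = match any frame, tagged or untagged
    priority: int           # assumption: larger value is evaluated first


def vlan_id_of(frame: bytes) -> Optional[int]:
    """Return the 12-bit VLAN ID of an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if len(frame) < 18:
        return None  # too short to carry a 4-byte VLAN tag
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF  # strip PCP (3 bits) and DEI (1 bit), keep the VID


def decide(frame: bytes, policies: List[Policy]) -> str:
    """Apply the first matching policy in priority order; return 'action:name'."""
    vid = vlan_id_of(frame)
    for policy in sorted(policies, key=lambda p: p.priority, reverse=True):
        if policy.vlan_id is None or policy.vlan_id == vid:
            return f"{policy.action}:{policy.name}"
    return "drop:no-policy"  # assumption: fail closed when nothing matches


def build_frame(vid: Optional[int], payload: bytes, pcp: int = 0) -> bytes:
    """Construct a sample Ethernet frame (constructed MACs, IPv4 EtherType)."""
    dst = bytes.fromhex("0200000000aa")  # constructed, locally administered
    src = bytes.fromhex("0200000000bb")
    if vid is None:
        return dst + src + struct.pack("!H", 0x0800) + payload
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + payload


# The three policies from the example; names and priority values are assumptions
POLICIES = [
    Policy("hq-branch-mesh", "encrypt", 10, 100),
    Policy("partner-portal", "encrypt", 20, 100),
    Policy("drop-other-vlans", "drop", None, 1),
]

# Misconfiguration for comparison: the drop policy given the highest priority
MISORDERED = [
    Policy(p.name, p.action, p.vlan_id, 200 if p.action == "drop" else p.priority)
    for p in POLICIES
]

# Constructed sample traffic; the partner frame also carries a non-zero PCP
SAMPLE_FRAMES = {
    "hq-to-branch":   build_frame(10, b"\x00" * 46),
    "partner-portal": build_frame(20, b"\x00" * 46, pcp=5),
    "stray-vlan-30":  build_frame(30, b"\x00" * 46),
    "untagged":       build_frame(None, b"\x00" * 46),
}


def classify_all(policies: List[Policy]) -> dict:
    """Map each sample frame name to the verdict the policy set gives it."""
    return {name: decide(frame, policies) for name, frame in SAMPLE_FRAMES.items()}


if __name__ == "__main__":
    for label, rules in (("correct order", POLICIES), ("drop policy first", MISORDERED)):
        print(label)
        for name, verdict in classify_all(rules).items():
            print(f"  {name:15s} -> {verdict}")
```

With the drop policy at the lowest priority only VLAN 10 and VLAN 20 frames are encrypted and everything else, including untagged traffic, is discarded; with the drop policy evaluated first every frame is discarded, which is the failure mode the priority note in the list above is guarding against.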
Table 53 Point-to-point Layer 2 encryption policy

Setting                     PEP: 192.168.1.43   PEP: 192.168.1.44
Role                        Primary             Secondary
IKE Authentication Method   PresharedKey        PresharedKey
IKE Preshared Key           zaq123edc           zaq123edc
Group ID                    0                   0
Traffic Handling            EthEncrypt          EthEncrypt