Policy Design Examples
218 EncrypTight User Guide
Table 60 Region D hub and spoke policy (continued)
Field                        Setting
Priority                     903
Renew Keys/Refresh Lifetime  4 hours
Type                         IPSec
IPSec                        Encryption Algorithms - AES
                             Authentication Algorithms - HMAC-SHA-1
Key Generation               By Network Set
Addressing Mode Override     Preserve internal network addresses
Minimize Policy Size         Disable
Hub                          Network Set D
Spokes                       Network Set D1
                             Network Set D2
                             Network Set D3
Protocol                     Any

Passing Routing Protocols
With Layer 3 routed networks, you might need to pass routing protocols in the clear. This is normally
true when routers are placed behind the PEPs and when your WAN uses a private routed infrastructure.
With a public routed infrastructure, the ISP handles the routing, so no routing protocol needs to cross
the PEPs in the clear.
A Bypass policy sends matching packets across the WAN unencrypted and without any integrity protection
from the PEPs. Keep such a policy as narrow as possible: match only the routing protocol itself and only
the router interfaces or subnets that exchange it, and rely on the routing protocol's own neighbor
authentication to protect the routing updates.
To create policies to pass routing protocols in the clear, include the router interfaces or subnets that
participate in sharing the routing protocol. In our example, all the regional networks are Layer 3 routed
networks and all branches are switched networks. Each regional network shares routing information with
the other regional networks using EIGRP (IP protocol number 88).
Figure 87 Passing routing protocol in the clear
Using the four network sets created in “Encrypt Traffic Between Regional Centers” on page 214, create a
mesh policy as shown in the following table:
Table 61 Pass protocol 88 in the clear mesh policy
Field                        Setting
Name                         Clear EIGRP
Priority                     2000 (higher priority than the Mesh encryption policy)
Renew Keys/Refresh Lifetime  4 hours
Type                         Bypass
IPSec                        (none)
Key Generation               By Network Set
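The following Python model is an added example and is not part of the EncrypTight guide or the product's own software. It shows how the three policies on this page (the Region D hub and spoke policy, the regional mesh encryption policy, and the Clear EIGRP bypass policy) interact when evaluated in priority order: EIGRP between regional centers is passed in the clear, all other regional traffic is encrypted, branch traffic never matches the bypass policy because the branch network sets are not part of it, and a bypass policy with too low a priority would be shadowed by the encryption policy. The network set addresses, the mesh policy's priority (1000) and the "no-match" result for traffic no policy covers are assumptions made for the example.

```python
# Added example, not from the EncrypTight guide: a model of priority-ordered policy
# matching used to check that the narrow "Clear EIGRP" Bypass policy is reached
# before the broader encryption policies. Network set addresses, the mesh policy's
# priority and the result for unmatched traffic are constructed assumptions.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

EIGRP = 88  # IP protocol number for EIGRP ("protocol 88" in the guide)
TCP = 6

# Constructed network sets; the guide does not give these addresses.
REGIONS = {"A": ("10.1.0.0/16",), "B": ("10.2.0.0/16",),
           "C": ("10.3.0.0/16",), "D": ("10.4.0.0/16",)}
BRANCHES_D = {"D1": ("10.41.0.0/24",), "D2": ("10.42.0.0/24",), "D3": ("10.43.0.0/24",)}


def set_of(addr: str, sets: Dict[str, Tuple[str, ...]]) -> Optional[str]:
    """Name of the network set containing addr, or None (sets do not overlap here)."""
    a = ip_address(addr)
    for name, cidrs in sets.items():
        if any(a in ip_network(c) for c in cidrs):
            return name
    return None


@dataclass
class Policy:
    name: str
    priority: int                    # higher number is evaluated first, as in the guide
    action: str                      # "IPSec" (encrypt) or "Bypass" (pass in the clear)
    topology: str                    # "mesh" or "hub-spoke"
    sets: Dict[str, Tuple[str, ...]]
    protocol: Optional[int] = None   # None means "Any"
    hub: Optional[str] = None        # hub set name, hub-spoke policies only

    def covers(self, src: str, dst: str, proto: int) -> bool:
        if self.protocol is not None and self.protocol != proto:
            return False
        s, d = set_of(src, self.sets), set_of(dst, self.sets)
        if s is None or d is None or s == d:
            return False             # both ends must be in different sets of this policy
        if self.topology == "mesh":
            return True              # any set to any other set
        return self.hub in (s, d)    # hub-spoke: hub<->spoke only, never spoke<->spoke


def classify(policies, src: str, dst: str, proto: int) -> Tuple[str, Optional[str]]:
    """Action and name of the highest-priority policy covering the flow.
    "no-match" is this model's placeholder for traffic no policy covers; check the
    guide for the appliance's actual default before relying on it."""
    for p in sorted(policies, key=lambda pol: pol.priority, reverse=True):
        if p.covers(src, dst, proto):
            return p.action, p.name
    return "no-match", None


def overbroad_bypass(policies):
    """Names of Bypass policies that are not restricted to a single protocol."""
    return [p.name for p in policies if p.action == "Bypass" and p.protocol is None]


# Table 60 (Region D hub and spoke) and Table 61 (Clear EIGRP) as on this page;
# the regional mesh encryption policy's priority 1000 is assumed.
REGION_D = Policy("Region D hub and spoke", 903, "IPSec", "hub-spoke",
                  {"D": REGIONS["D"], **BRANCHES_D}, hub="D")
REGIONAL_MESH = Policy("Regional mesh", 1000, "IPSec", "mesh", REGIONS)
CLEAR_EIGRP = Policy("Clear EIGRP", 2000, "Bypass", "mesh", REGIONS, protocol=EIGRP)
POLICIES = (REGION_D, REGIONAL_MESH, CLEAR_EIGRP)


def demo():
    cases = [
        ("10.1.0.1", "10.4.0.1", EIGRP),    # region A to region D routing update
        ("10.1.0.1", "10.4.0.1", TCP),      # region A to region D data
        ("10.41.0.5", "10.4.0.1", EIGRP),   # branch D1 to hub D: not in the bypass sets
        ("10.41.0.5", "10.42.0.5", TCP),    # spoke to spoke: hub-spoke policy does not cover
        ("10.1.0.1", "224.0.0.10", EIGRP),  # EIGRP hello to its multicast group
    ]
    for src, dst, proto in cases:
        print(f"{src:>10} -> {dst:<12} proto {proto:>3}: {classify(POLICIES, src, dst, proto)}")
    # If Clear EIGRP were given a priority below the mesh policy, EIGRP would be encrypted.
    low = replace(CLEAR_EIGRP, priority=500)
    print("misordered:", classify((REGION_D, REGIONAL_MESH, low), "10.1.0.1", "10.4.0.1", EIGRP))
    print("over-broad bypass policies:", overbroad_bypass(POLICIES))


if __name__ == "__main__":
    demo()
```

The last case is worth checking on a real deployment: EIGRP hellos are sent to the multicast group 224.0.0.10, which is not inside any of the unicast network sets, so confirm that the neighbor relationship actually forms through the PEPs rather than assuming the unicast bypass policy covers it.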