Black Box ET0010A Appliance Trim Kit User Manual


 
EncrypTight User Guide 153
Changing the IP Address of a PEP
Occasionally, you might need to change the IP address on a PEP. For example, you might need to move a
PEP from one location in your network to another. This could require that you change the management IP
address of the PEP.
Although you can edit the IP address of a PEP in ETEMS, ETPM and the ETKMSs will not immediately
be aware of the change. Any policies currently on the PEP will eventually expire and will not get new
keys or be renewed. This causes rekey failures and can lead to a loss of network traffic.
To change the IP address of a PEP:
1. In ETPM, temporarily remove the PEP from the policies in which it is used and redeploy those policies.
2. In ETEMS, change the IP address of the PEP.
3. In ETPM, re-add the PEP to the policies or create new policies and redeploy.
Changing the PEP from Layer 3 to Layer 2 Encryption
The Encryption Policy Setting determines the type of policies that the ETEP PEP can be used in when
you create policies in ETPM: Layer 2 Ethernet policies or Layer 3 IP policies. Appliances that are
configured for Layer 2 cannot be used in Layer 3 policies, and vice versa.
You can change the ETEP’s Encryption Policy Setting on the Features tab of the ETEMS Appliance
editor. When you change the encryption policy setting of an in-service ETEP PEP, all encrypt and drop
policies currently installed on the PEP are removed and all traffic is sent in the clear until you create and
deploy new policies.
Related topics:
“Features Configuration” on page 330
“Encryption Policy Settings” on page 334
Deleting PEPs
Occasionally, you might need to delete a PEP from ETEMS. For example, the structure of a network
might change or a PEP might become redundant. If you are removing a PEP from service, delete the PEP
from ETEMS and then deploy policies from ETPM before physically removing the PEP from service.
If you delete a PEP from ETEMS, it is removed from the EncrypTight workspace, and in ETPM it is
automatically removed from any network set or policies that include that PEP. Until you redeploy
policies, the ETKMS does not know that the PEP has been removed and it continues to renew the keys
and lifetimes in the PEP. The PEP itself continues to execute the policies. When you deploy your
policies, the ETKMS sends a message to the PEP that instructs it to discard all of the policies from that
ETKMS.