Support User Manuals

Black Box ET0010A Appliance Trim Kit User Manual

Open as PDF

of 352

ETEP Configuration

334 EncrypTight User Guide

● “Encryption Policy Settings” on page 334

● “Working with Policies” on page 334

Encryption Policy Settings

The Encryption Policy Setting determines the type of policies that the ETEP can be used in: Layer 2

Ethernet policies or Layer 3 IP policies. Appliances that are configured for Layer 2 cannot be used in

Layer 3 policies, and vice versa. If you intend to create a Layer 4 policy to encrypt only the packet

payload, set the Encryption Policy Setting to Layer 3:IP.

When you change the encryption policy setting of an in-service ETEP, all encrypt and drop policies

currently installed on the ETEP are removed and all traffic is sent in the clear until you create and deploy

new policies, or until the policies are rekeyed. A rekey installs an “encrypt all” policy on the ETEP.

If you are using EncrypTight

, take the following steps to ensure proper enforcement of your distributed

key polices when you change the encryption policy setting:

1 In the ETEMS Features tab, change the Encryption Policy Setting to Layer 2 or Layer 3.

2 Push the new configuration to the ETEP (Tools > Put Configuration).

3 In ETPM, delete the policy that contains the original ETEP configuration.

4 Create a new policy for the reconfigured ETEP.

5 Deploy the new policy.

Related topics:

● “EncrypTight Settings” on page 333

● “Working with Policies” on page 334

Working with Policies

ETEMS’s primary function is configuring and managing appliances from a central workstation. After you

have configured the ETEPs for network operation, you have the following options for creating and

deploying policies:

● EncrypTight distributed key policies (mesh, hub and spoke, multicast, Layer 3 point-to-point) are

created and managed using ETPM.

● Layer 2 point-to-point policies are created using the policy editor in the ETEMS Policy tab.

Table 106 Encryption policy settings

Setting Definition

Layer 2: Ethernet Enable this setting to use the ETEP in Layer 2 Ethernet policies. Point-

to-point policies are defined in ETEMS; mesh policies are defined in

EncrypTight ETPM.

Layer 3: IP Enable this setting to use the ETEP in Layer 3 IP policies, or if you

intend to create a policy to encrypt only the Layer 4 payload.

Layer 3 distributed key policies are defined in EncrypTight ETPM.

previous next