Filter
Top Products
Policy Concepts
EncrypTight User Guide 183
TIP
Network connectivity problems can prevent new keys from being distributed to the PEPs before the old
keys expire. If you experience problems of this nature, see “Solving Network Connectivity Problems” on
page 248 for suggested workarounds to prevent interruptions.
Policy Types and Encryption Methods
The type of policy specifies the action applied to packets that match the protocol and networks included
in this policy. You can choose from the following types:
● Drop - drops all packets matching this policy.
● Bypass - passes all packets matching this policy in the clear.
● IPSec - encrypts or decrypts all packets matching this policy. (For Layer 2 Ethernet policies, this
option is Encrypt.)
The following topics describe how traffic is protected in an encryption policy:
● “Encapsulation” on page 183
● “Encryption and Authentication Algorithms” on page 184
Encapsulation
To provide encryption and authentication, the PEPs use the EncrypTight Encapsulating Security Payload
protocol (CE-ESP). CE-ESP is Black Box’s packet encapsulation protocol that is based on the IPSec ESP
protocol standards.
Layer 2: Ethernet payload encryption
In Layer 2 policies, the CE-ESP protocol preserves the original Ethernet header information and encrypts
only the Ethernet payload, as shown in Figure 67.
Figure 67 Ethernet frame encryption
Layer 3: IPSec Tunnel mode with original IP header preservation
In Layer 3 IP policies, a copy of the original IP header is used as the outer header and the original header
and payload are encrypted, as show in Figure 68.
Figure 68 IP packet encryption
Layer 4: IPSec Transport mode for Layer 4 payload encryption
ETEP PEPs have an option to encrypt only the Layer 4 payload. The TCP and UDP header information
remains in the clear, as shown in Figure 69. All other Layer 4 headers are encrypted.