Black Box ET1000A Appliance Trim Kit User Manual


 
Complex Layer 3 Policy Example
EncrypTight User Guide 215
The network sets required for this policy are:

Table 54 Network sets for mesh policy

| Network Set | Networks | PEPs | Default ETKMS |
|---|---|---|---|
| Network Set A | 192.33.3.0 netmask 255.255.255.0 | PEP A | ETKMS 1 |
| Network Set B | 172.44.0.0 netmask 255.255.255.0 | PEP B | ETKMS 1 |
| Network Set C | 100.22.3.0 netmask 255.255.255.0 | PEP C | ETKMS 1 |
| Network Set D | 100.33.1.0 netmask 255.255.255.0 | PEP D | ETKMS 1 |

Using the four network sets, create the mesh policy as shown in the following table:

Table 55 Encrypt all mesh policy

| Field | Setting |
|---|---|
| Name | Encrypt All Mesh |
| Priority | 1000 |
| Renew Keys/Refresh Lifetime | 4 hours |
| Type | IPSec |
| IPSec | Encryption Algorithms - AES; Authentication Algorithms - HMAC-SHA-1 |
| Key Generation | By Network Set |
| Addressing Mode Override | Preserve internal network addresses |
| Minimize Policy Size | Disable |
| Network Sets | Network Set A, Network Set B, Network Set C, Network Set D |
| Protocol | Any |

Encrypt Traffic Between Regional Centers and Branches

In order to encrypt traffic between each regional center and its branches, four hub and spoke policies are required. The following figure illustrates the hub and spoke policy between Regional Network A and its branches: Branch A1, Branch A2, and Branch A3.

Figure 86 Regional center to branches hub and spoke policy