Black Box ET0010A User Manual

Policy Design Examples
EncrypTight User Guide
In ETEMS, configure the interfaces for both PEPs, then click the Features tab and do the following:
1 Select Layer 2:Ethernet for the Encryption Policy Settings.
2 Clear the Enable EncrypTight checkbox.
To set up the encryption policy between the two PEPs, click the Policy tab for each PEP and make the 
selections as described in 
. Make sure that you use the same key for both PEPs. 
Once the PEP configurations have been saved, push the configuration to the remote PEP first, and then 
push the configuration to the local PEP. For more information about creating Layer 2 point-to-point 
policies, see the Configuration chapter for your PEPs. 
Layer 2 Ethernet Policy Using VLAN IDs
This example shows a more complicated Layer 2 Ethernet policy encrypting traffic using specific VLAN 
IDs. 
 shows a collection of networks for a company with a central headquarters and two branch 
offices. The company has a partner that needs access to specific company data, but does not need access 
to the branch offices.
Traffic between the headquarters and the branches is assigned a VLAN ID tag. This ensures that communications between headquarters and the branches are not accidentally broadcast to other parties, such as the partner. Meanwhile, traffic between the partner and the partner portal server is assigned a different VLAN ID tag.
Finally, for added security, all traffic not using one of the designated VLAN ID tags is discarded.
In this case, three separate policies need to be created:
• One Layer 2 Mesh encryption policy for traffic between the headquarters and each individual branch, using VLAN ID 10
• One encryption policy for the traffic between the partner and partner portal server, using VLAN ID 20
• One drop policy that discards all traffic not using one of the specified VLAN ID tags, which is assigned a lower priority than the other policies
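The three-policy design above, as an added Python model of how priority-ordered VLAN policies dispose of frames; this is example code, not ETEMS or EncrypTight code, and the numeric priority convention (higher value evaluated first), the Policy and Frame types, and the sample frames are assumptions constructed for the illustration. It also checks the ordering point the text makes: the catch-all drop policy must rank below every encrypt policy, or it discards the traffic those policies were meant to protect.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the three-policy design (not ETEMS code). Assumption:
# a higher numeric priority is evaluated first, so the catch-all drop policy
# is given a lower value and only sees frames no encrypt policy claimed.

@dataclass(frozen=True)
class Policy:
    name: str
    action: str             # "encrypt" or "drop"
    vlan_id: Optional[int]  # None matches any frame, tagged or untagged
    priority: int

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan_id: Optional[int]  # None = untagged frame

POLICIES = [
    Policy("HQ-branch mesh", "encrypt", 10, 100),
    Policy("Partner portal", "encrypt", 20, 100),
    Policy("Drop all other traffic", "drop", None, 10),
]

def match(policy: Policy, frame: Frame) -> bool:
    return policy.vlan_id is None or policy.vlan_id == frame.vlan_id

def dispose(frame: Frame, policies=POLICIES) -> tuple[str, str]:
    """Return (policy name, action) of the highest-priority matching policy.
    A frame matching nothing is dropped, mirroring the fail-closed design."""
    for p in sorted(policies, key=lambda p: p.priority, reverse=True):
        if match(p, frame):
            return p.name, p.action
    return "no policy", "drop"

def audit(policies) -> list[str]:
    """Flag a catch-all drop whose priority is not below every encrypt policy:
    it would discard the very traffic those policies were meant to protect."""
    problems = []
    for drop in (p for p in policies if p.action == "drop" and p.vlan_id is None):
        for enc in (p for p in policies if p.action == "encrypt"):
            if drop.priority >= enc.priority:
                problems.append(f"{drop.name!r} shadows {enc.name!r}")
    return problems
```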
Table 53 Point-to-point Layer 2 encryption policy

| Setting | PEP: 192.168.1.43 | PEP: 192.168.1.44 |
|---|---|---|
| Role | Primary | Secondary |
| IKE Authentication Method | PresharedKey | PresharedKey |
| IKE Preshared Key | zaq123edc | zaq123edc |
| Group ID | 0 | 0 |
| Traffic Handling | EthEncrypt | EthEncrypt |