Black Box ET0010A User Manual

Policy Design Examples

216

EncrypTight User Guide

These hub and spoke policies require the four network sets created in

“Encrypt Traffic Between Regional

Centers” on page 214

and twelve network sets for the branch networks.

The next three tables show the four regional hub and spoke policies.

Using Network Sets A, A1, A2, and A3, create a hub and spoke policy for region A as shown in the
following table:

Table 56

Network sets for the hub and spoke policies

Networks

PEPs

Default

ETKMS

Network Set A1

192.33.5.0 netmask 255.255.255.0

PEP A1

ETKMS 1

Network Set A2

192.33.6.0 netmask 255.255.255.0

PEP A2

ETKMS 1

Network Set A3

192.33.9.0 netmask 255.255.255.0

PEP A3

ETKMS 1

Network Set B1

172.44.5.0 netmask 255.255.255.0

PEP B1

ETKMS 1

Network Set B2

172.44.6.0 netmask 255.255.255.0

PEP B2

ETKMS 1

Network Set B3

172.44.7.0 netmask 255.255.255.0

PEP B3

ETKMS 1

Network Set C1

100.22.5.0 netmask 255.255.255.0

PEP C1

ETKMS 1

Network Set C2

100.22.7.0 netmask 255.255.255.0

PEP C2

ETKMS 1

Network Set C3

100.22.9.0 netmask 255.255.255.0

PEP C3

ETKMS 1

Network Set D1

100.33.2.0 netmask 255.255.255.0

PEP D1

ETKMS 1

Network Set D2

100.33.3.0 netmask 255.255.255.0

PEP D2

ETKMS 1

Network Set D3

100.33.5.0 netmask 255.255.255.0

PEP D3

ETKMS 1

Table 57

Region A hub and spoke policy

Field

Setting

Name

Region A Hub and Spoke

Priority

900

Renew Keys/Refresh Lifetime

4 hours

Type

IPSec

IPSec

Encryption Algorithms - AES

Authentication Algorithms - HMAC-SHA-1

Key Generation

By Network Set

Addressing Mode Override

Preserve internal network addresses

Minimize Policy Size

Disable

Hub

Network Set A

Spokes

Network Set A1

Network Set A2

Network Set A3

Protocol

Any