Black Box ET0010A User Manual

Policy Design Examples
EncrypTight User Guide
Passing Routing Protocols
With Layer 3 routed networks, you might need to pass routing protocols in the clear. This is normally 
true when routers are placed behind the PEPs and when your WAN uses a private routed infrastructure. 
With a public routed infrastructure, the ISP handles the routing. 
To create policies to pass routing protocols in the clear, include the router interfaces or subnets that 
participate in sharing the routing protocol. In our example, all the regional networks are Layer 3 routed 
networks and all branches are switched networks. Each regional network shares routing information with 
the other regional networks using EIGRP (protocol 88). 
Figure 87  Passing routing protocol in the clear
Using the four network sets created in 
mesh policy as shown in the following table: 
Table 61  Pass protocol 88 in the clear mesh policy

Field                          Setting
Name                           Clear EIGRP
Priority                       2000 (higher priority than the Mesh encryption policy)
Renew Keys/Refresh Lifetime    4 hours
Type                           Bypass
IPSec
Key Generation                 By Network Set

Table 60  Region D hub and spoke policy (continued)

Field                          Setting
Priority                       903
Renew Keys/Refresh Lifetime    4 hours
Type                           IPSec
IPSec                          Encryption Algorithms - AES
                               Authentication Algorithms - HMAC-SHA-1
Key Generation                 By Network Set
Addressing Mode Override       Preserve internal network addresses
Minimize Policy Size           Disable
Hub                            Network Set D
Spokes                         Network Set D1
                               Network Set D2
                               Network Set D3
Protocol                       Any
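
The effect of giving the Clear EIGRP bypass policy (priority 2000, protocol 88) a higher priority than the mesh encryption policy can be checked with a small model. This is an added example, not EncrypTight code: the highest-priority-first matching, the mesh policy's priority of 1000, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

EIGRP = 88  # IP protocol number given on the page

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int              # assumption: larger number is evaluated first
    action: str                # "Bypass" = sent in the clear, "IPSec" = encrypted
    protocol: Optional[int]    # None models the "Any" setting
    networks: Tuple[str, ...]  # mesh members; src and dst must both be inside

    def matches(self, src: str, dst: str, proto: int) -> bool:
        if self.protocol is not None and proto != self.protocol:
            return False
        nets = [ipaddress.ip_network(n) for n in self.networks]
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(s in n for n in nets) and any(d in n for n in nets)

def evaluate(policies, src, dst, proto):
    """Return (name, action) of the highest-priority matching policy, or None."""
    for p in sorted(policies, key=lambda p: p.priority, reverse=True):
        if p.matches(src, dst, proto):
            return (p.name, p.action)
    return None

# Constructed addressing: one /16 per region, one router-interface /30 in each.
REGIONS = ("10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16", "10.4.0.0/16")
ROUTERS = ("10.1.255.0/30", "10.2.255.0/30", "10.3.255.0/30", "10.4.255.0/30")

MESH = Policy("Mesh encryption", 1000, "IPSec", None, REGIONS)  # priority assumed
CLEAR = Policy("Clear EIGRP", 2000, "Bypass", EIGRP, ROUTERS)   # Table 61 values
POLICIES = [MESH, CLEAR]

if __name__ == "__main__":
    cases = [
        ("10.1.255.1", "10.2.255.1", EIGRP),  # router to router, EIGRP
        ("10.1.255.1", "10.2.255.1", 6),      # router to router, TCP
        ("10.1.20.5", "10.2.30.7", EIGRP),    # protocol 88 from a non-router host
    ]
    for src, dst, proto in cases:
        print(src, dst, proto, "->", evaluate(POLICIES, src, dst, proto))
```

In this model only protocol 88 between the listed router subnets is bypassed; other traffic between the regions, including protocol 88 from hosts outside those subnets, still matches the encryption policy.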