Black Box ET0010A User Manual

Working with Policies
EncrypTight User Guide
337
deploy management port IPsec policies while in Layer 2 point-to-point mode, use manual key policies to encrypt management port traffic.
We recommend setting the time on the ETEPs before setting up the Layer 2 point-to-point policy. Changing the clocks after the policy is established may cause traffic to be dropped.
Selecting a Role
The appliance role is used in the process of establishing a security association (SA) between ETEP peers. The ETEP can assume one of two appliance roles when it is configured for point-to-point operation. One of the appliances must be assigned the primary role and the other the secondary role. The ETEPs will not function properly if both appliances are configured with the same role.
Using Preshared Keys for IKE Authentication
In point-to-point Layer 2 networks, the ETEPs use IKE negotiations to establish security associations (SAs) between peer appliances. The ETEP uses the preshared key string to authenticate its peer's identity before the ETEPs begin to negotiate the SAs. The same key value must be entered in both appliances.
We recommend that you change the key from its default value of 01234567 prior to deploying the ETEP. 
Note the following conventions when creating a preshared key:
• The key is a case-sensitive alphanumeric string from 8 to 255 characters in length.
• Valid characters are upper- and lowercase letters and the digits 0-9.
• All special characters are allowed except the following: ? " { } [ ] ( ) = \ < > & and #
• To include a space, enclose it in double quotes.
Using Group IDs
In a point-to-point network, the two ETEPs must be configured with the same group ID in order to communicate properly with each other. If you are using only one pair of ETEPs in the same subnet you can use the default group ID.

If more than one pair of ETEPs is used within the same Layer 2 network, the group ID isolates the traffic from one pair of ETEPs from any other pair. Each appliance can belong to only one group.
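The role, preshared key and group ID rules above lend themselves to a pre-deployment consistency check. The following Python is an added illustration, not Black Box software; the configuration dictionaries, their field names and the sample values are assumptions for the example.

```python
"""Consistency checks for an ETEP Layer 2 point-to-point pair, following the
rules in the EncrypTight User Guide.  Illustrative code; the config layout
(dicts with role / group_id / preshared_key) is an assumption."""

DEFAULT_PSK = "01234567"          # factory default the guide says to change
# Characters the guide excludes from a preshared key.  Spaces themselves are
# permitted; the double quotes around a space are CLI entry syntax, not key data.
FORBIDDEN_PSK_CHARS = set('?"{}[]()=\\<>&#')


def validate_preshared_key(key: str) -> list[str]:
    """Return the problems found with `key`; an empty list means it passes."""
    problems = []
    if not 8 <= len(key) <= 255:
        problems.append(f"length {len(key)} outside 8-255 characters")
    bad = sorted(set(key) & FORBIDDEN_PSK_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    if key == DEFAULT_PSK:
        problems.append("still set to the factory default 01234567")
    return problems


def check_point_to_point_pair(a: dict, b: dict) -> list[str]:
    """Cross-check two ETEP configurations that are meant to be peers."""
    problems = []
    roles = {a["role"], b["role"]}
    if roles != {"primary", "secondary"}:   # exactly one of each is required
        problems.append(f"roles must be one primary and one secondary, got {sorted(roles)}")
    if a["group_id"] != b["group_id"]:
        problems.append("group IDs differ; peers in a pair must share a group ID")
    if a["preshared_key"] != b["preshared_key"]:   # keys are case-sensitive
        problems.append("preshared keys differ between peers")
    for name, cfg in (("A", a), ("B", b)):
        for p in validate_preshared_key(cfg["preshared_key"]):
            problems.append(f"appliance {name}: {p}")
    return problems


# Constructed sample configurations, not taken from any real deployment.
GOOD_A = {"role": "primary", "group_id": 1, "preshared_key": "Xk9pQ2mZ7vL"}
GOOD_B = {"role": "secondary", "group_id": 1, "preshared_key": "Xk9pQ2mZ7vL"}
BAD_A = {"role": "primary", "group_id": 1, "preshared_key": DEFAULT_PSK}
BAD_B = {"role": "primary", "group_id": 2, "preshared_key": DEFAULT_PSK}

if __name__ == "__main__":
    print("good pair:", check_point_to_point_pair(GOOD_A, GOOD_B) or "OK")
    print("bad pair:", check_point_to_point_pair(BAD_A, BAD_B))
```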