Black Box ET0010A User Manual
Policy Enforcement Point Configuration
EncrypTight User Guide
55
Replace
x.x.x.x
with the IP address or the hostname of the syslog server.
7 Save and close the file.
8 Shut down and restart the ETKMS:
8 Shut down and restart the ETKMS:
●
On external ETKMSs, restart the ETKMS service by typing:
service etkms restart
●
On local ETKMSs, close the command line window for the ETKMS software and in the
EncrypTight window, select Tools > Launch ETKMS LM.
EncrypTight window, select Tools > Launch ETKMS LM.
Policy Enforcement Point Configuration
EncrypTight Policy Enforcement Points (PEPs) can be configured for Layer 2 or Layer 3/4 operation.
Models include:
Models include:
●
ET0010A
●
ET0010A
●
ET1000A
In most cases, when you install and configure the PEPs, you do not need to make addressing changes or
other routing changes. The PEPs implement a network mode ESP transport mechanism that preserves all
header information. The entire original packet is encrypted and a copy of the original header is used as
the header for the new packet. This allows the PEPs to operate transparently, without requiring changes to
your existing network addressing. You should maintain your existing network gateways as configured.
You should not configure the local port on a PEP as a gateway address.
other routing changes. The PEPs implement a network mode ESP transport mechanism that preserves all
header information. The entire original packet is encrypted and a copy of the original header is used as
the header for the new packet. This allows the PEPs to operate transparently, without requiring changes to
your existing network addressing. You should maintain your existing network gateways as configured.
You should not configure the local port on a PEP as a gateway address.
To prepare the PEPs for operation with EncrypTight:
●
Perform basic installation tasks.
Perform initial setup as directed in the PEP’s Installation Guide. At a minimum, this consists of
connecting cables to the PEP’s communication ports and setting the management port IP address.
When they are first installed, ETEP PEPs pass all traffic in the clear until they receive policies. Refer
to the documentation for your PEPs for more information on initial behavior and how to make sure
the PEPs are properly installed.
If you plan to use a PEP with EncrypTight distributed key policies, you should not configure any
other types of policies on the PEP before you enable EncrypTight. Doing so can have undesirable
effects.
Perform initial setup as directed in the PEP’s Installation Guide. At a minimum, this consists of
connecting cables to the PEP’s communication ports and setting the management port IP address.
When they are first installed, ETEP PEPs pass all traffic in the clear until they receive policies. Refer
to the documentation for your PEPs for more information on initial behavior and how to make sure
the PEPs are properly installed.
If you plan to use a PEP with EncrypTight distributed key policies, you should not configure any
other types of policies on the PEP before you enable EncrypTight. Doing so can have undesirable
effects.
●
Configure the appliances in the EncrypTight software.
Using the ETEMS Appliance Manager feature in EncrypTight, add and configure each PEP. Refer to
the sections below for configuration settings that are required for distributed key and negotiated key
polices.
Using the ETEMS Appliance Manager feature in EncrypTight, add and configure each PEP. Refer to
the sections below for configuration settings that are required for distributed key and negotiated key
polices.
●
For distributed key policies, see
●
For point-to-point negotiated policies, see
Related topics:
●
●
●