Black Box ET1000A User's Manual
Policy Design Examples
212
EncrypTight User Guide
In ETEMS, configure the interfaces for both PEPs, then click the Features tab and do the following:
1 Select Layer 2:Ethernet for the Encryption Policy Settings.
2 Clear the Enable EncrypTight checkbox.
To set up the encryption policy between the two PEPs, click the Policy tab for each PEP and make the
selections as described in Table 53. Make sure that you use the same key for both PEPs.
Once the PEP configurations have been saved, push the configuration to the remote PEP first, and then
push the configuration to the local PEP. For more information about creating Layer 2 point-to-point
policies, see the Configuration chapter for your PEPs.
Layer 2 Ethernet Policy Using VLAN IDs
This example shows a more complicated Layer 2 Ethernet policy that encrypts traffic using specific VLAN
IDs.
The figure for this example shows a collection of networks for a company with a central headquarters and two branch
offices. The company has a partner that needs access to specific company data, but does not need access
to the branch offices.
Traffic between the headquarters and the branches is assigned a VLAN ID tag. This ensures that
communications between headquarters and the branches are not accidentally broadcast to other parties,
such as the partner. Meanwhile, traffic between the partner and the partner portal server is assigned a
different VLAN ID tag.
Finally, for added security all traffic not using one of the designated VLAN ID tags is discarded.
In this case, three separate policies need to be created:
● One Layer 2 Mesh encryption policy for traffic between the headquarters and each individual branch,
using VLAN ID 10
● One encryption policy for the traffic between the partner and the partner portal server, using VLAN ID 20
● One drop policy that discards all traffic not using one of the specified VLAN ID tags, which is
assigned a lower priority than the other policies
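The three-policy design above, worked through as an added example (not code from the Black Box manual or the EncrypTight product): it parses the 802.1Q tag of a raw Ethernet frame and selects the highest-priority matching policy, so you can see why the catch-all drop policy must sit below the two encrypt policies. Policy names, the numeric priority convention (higher value is evaluated first) and the sample frames are constructed assumptions, not the appliance's own matching logic.

```python
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_8021Q = 0x8100  # 802.1Q tag protocol identifier


@dataclass(frozen=True)
class L2Policy:
    name: str                # hypothetical name, not an EncrypTight identifier
    action: str              # "encrypt" or "drop"
    vlan_id: Optional[int]   # None matches any frame, tagged or untagged
    priority: int            # assumed convention: higher value is evaluated first


def vlan_id_of(frame: bytes) -> Optional[int]:
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 18:  # dst(6) + src(6) + TPID(2) + TCI(2) + inner ethertype(2)
        return None
    if int.from_bytes(frame[12:14], "big") != ETHERTYPE_8021Q:
        return None
    tci = int.from_bytes(frame[14:16], "big")
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID


def select_policy(frame: bytes, policies: List[L2Policy]) -> L2Policy:
    """Pick the first policy, in descending priority order, whose VLAN selector matches."""
    vid = vlan_id_of(frame)
    for pol in sorted(policies, key=lambda p: p.priority, reverse=True):
        if pol.vlan_id is None or pol.vlan_id == vid:
            return pol
    raise ValueError("no policy matched; the policy set needs a catch-all drop policy")


# The three policies from the example: two encrypt policies above one catch-all drop.
POLICIES = [
    L2Policy("hq-branch-mesh", "encrypt", 10, priority=100),
    L2Policy("partner-portal", "encrypt", 20, priority=100),
    L2Policy("drop-everything-else", "drop", None, priority=1),
]


def build_frame(vlan_id: Optional[int]) -> bytes:
    """Constructed sample frame: dummy MACs, optional 802.1Q tag, IPv4 ethertype, padding."""
    dst, src = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    tag = b""
    if vlan_id is not None:
        tag = ETHERTYPE_8021Q.to_bytes(2, "big") + (vlan_id & 0x0FFF).to_bytes(2, "big")
    return dst + src + tag + (0x0800).to_bytes(2, "big") + bytes(46)


def classify(vlan_id: Optional[int], policies: List[L2Policy] = POLICIES) -> L2Policy:
    """Convenience wrapper: build a frame carrying vlan_id (or none) and classify it."""
    return select_policy(build_frame(vlan_id), policies)
```

Giving the drop policy a priority above the encrypt policies makes it match every frame first, which is the misconfiguration the "lower priority" wording guards against.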
Table 53  Point-to-point Layer 2 encryption policy

Setting                    PEP: 192.168.1.43   PEP: 192.168.1.44
Role                       Primary             Secondary
IKE Authentication Method  PresharedKey        PresharedKey
IKE Preshared Key          zaq123edc           zaq123edc
Group ID                   0                   0
Traffic Handling           EthEncrypt          EthEncrypt