Black Box ET1000A User Manual
Complex Layer 3 Policy Example
EncrypTight User Guide
The network sets required for this policy are listed in Table 54.
Using the four network sets, create the mesh policy as shown in Table 55.
Encrypt Traffic Between Regional Centers and Branches
In order to encrypt traffic between each regional center and its branches, four hub and spoke policies are
required. The following figure illustrates the hub and spoke policy between Regional Network A and its
branches: Branch A1, Branch A2, and Branch A3.
Figure 86: Regional center to branches hub and spoke policy
Table 54: Network sets for mesh policy

| Network set | Networks | PEPs | Default ETKMS |
|---|---|---|---|
| Network Set A | 192.33.3.0 netmask 255.255.255.0 | PEP A | ETKMS 1 |
| Network Set B | 172.44.0.0 netmask 255.255.255.0 | PEP B | ETKMS 1 |
| Network Set C | 100.22.3.0 netmask 255.255.255.0 | PEP C | ETKMS 1 |
| Network Set D | 100.33.1.0 netmask 255.255.255.0 | PEP D | ETKMS 1 |
Table 55: Encrypt all mesh policy

| Field | Setting |
|---|---|
| Name | Encrypt All Mesh |
| Priority | 1000 |
| Renew Keys/Refresh Lifetime | 4 hours |
| Type | IPSec |
| IPSec | Encryption Algorithms - AES; Authentication Algorithms - HMAC-SHA-1 |
| Key Generation | By Network Set |
| Addressing Mode Override | Preserve internal network addresses |
| Minimize Policy Size | Disable |
| Network Sets | Network Set A, Network Set B, Network Set C, Network Set D |
| Protocol | Any |
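
A pre-deployment check for the network sets in Table 54, as an added example that is not part of the EncrypTight User Guide or the Black Box software: it rejects address/netmask typos, reports overlapping sets, and lists the site pairs a four-set mesh must cover. The function names, the sample flow addresses, and the rule in mesh_match (a flow matches only when its endpoints lie in two different network sets) are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Network sets from Table 54: name -> (network with netmask, PEP, default ETKMS)
NETWORK_SETS = {
    "Network Set A": ("192.33.3.0/255.255.255.0", "PEP A", "ETKMS 1"),
    "Network Set B": ("172.44.0.0/255.255.255.0", "PEP B", "ETKMS 1"),
    "Network Set C": ("100.22.3.0/255.255.255.0", "PEP C", "ETKMS 1"),
    "Network Set D": ("100.33.1.0/255.255.255.0", "PEP D", "ETKMS 1"),
}

def parse_sets(sets):
    """Parse every network strictly: ip_network raises ValueError when host
    bits are set, which catches an address/netmask typo before deployment."""
    return {name: (ipaddress.ip_network(net), pep, kms)
            for name, (net, pep, kms) in sets.items()}

def overlapping_sets(parsed):
    """Pairs of network sets whose ranges overlap (ambiguous ownership)."""
    return [(a, b) for a, b in combinations(parsed, 2)
            if parsed[a][0].overlaps(parsed[b][0])]

def mesh_pairs(parsed):
    """Unordered pairs of network sets that a full mesh has to cover."""
    return list(combinations(parsed, 2))

def owner(parsed, address):
    """Name of the network set containing address, or None."""
    ip = ipaddress.ip_address(address)
    return next((n for n, (net, _, _) in parsed.items() if ip in net), None)

def mesh_match(parsed, src, dst):
    """Modelling assumption: the mesh policy selects a flow only when source
    and destination fall in two different member network sets. Returns the
    (source PEP, destination PEP) pair, or None when the flow is outside it."""
    s, d = owner(parsed, src), owner(parsed, dst)
    if s is None or d is None or s == d:
        return None
    return parsed[s][1], parsed[d][1]

if __name__ == "__main__":
    sets = parse_sets(NETWORK_SETS)
    print("overlaps:", overlapping_sets(sets))
    print("mesh pairs:", len(mesh_pairs(sets)))
    # Constructed sample flows (addresses chosen for illustration only).
    for src, dst in [("192.33.3.10", "100.22.3.7"),
                     ("192.33.3.10", "192.33.3.20"),
                     ("172.44.1.5", "100.33.1.9")]:
        print(src, "->", dst, mesh_match(sets, src, dst))
```

The third sample flow returns None because the 255.255.255.0 netmask on 172.44.0.0 covers only 172.44.0.0 through 172.44.0.255, so a host at 172.44.1.5 is outside Network Set B.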