ETPM and ETKMS Troubleshooting

To fix these issues, redeploy your policies from ETPM to make sure that your PEPs have current policies and keys.

Cannot Add a Network Set to a Policy

Non-contiguous subnet masks are supported on ETEP PEPs version 1.4 and later. When you use non-contiguous network masks, the network set must include a PEP that supports the feature. In addition, all network sets in a policy must include supporting PEPs. ETPM prevents you from dragging non-supporting elements into a network set or policy when non-contiguous network masks are in use.
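The rule above can be checked offline before building a policy. The following Python sketch is an added example, not ETPM code: the dictionary layout, names and sample data are constructed, and it assumes the strict reading that every PEP in every network set must be version 1.4 or later once any non-contiguous mask is present.

```python
import ipaddress

MIN_VERSION = (1, 4)  # from the guide: ETEP PEPs version 1.4 and later

def is_contiguous(mask: str) -> bool:
    """True if the mask is a run of 1-bits followed only by 0-bits."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF            # contiguous masks leave 2**k - 1 here
    return (host_bits & (host_bits + 1)) == 0

def matches(addr: str, network: str, mask: str) -> bool:
    """Mask-and-compare match; valid for contiguous and non-contiguous masks."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(addr)) & m) == (int(ipaddress.IPv4Address(network)) & m)

def supports_noncontiguous(pep: dict) -> bool:
    """Compare versions numerically so that 1.10 counts as newer than 1.4."""
    major_minor = tuple(int(x) for x in pep["version"].split(".")[:2])
    return major_minor >= MIN_VERSION

def validate_policy(network_sets: list) -> list:
    """Return names of network sets that break the rule; an empty list means OK."""
    uses_feature = any(not is_contiguous(n["mask"])
                       for ns in network_sets for n in ns["networks"])
    if not uses_feature:
        return []
    return [ns["name"] for ns in network_sets
            if not ns["peps"] or not all(supports_noncontiguous(p) for p in ns["peps"])]

# Constructed sample policy: one set uses a non-contiguous mask, the other has an old PEP.
POLICY = [
    {"name": "HQ",
     "networks": [{"addr": "10.0.20.0", "mask": "255.0.255.0"}],
     "peps": [{"name": "etep-hq", "version": "1.6"}]},
    {"name": "Branch",
     "networks": [{"addr": "192.168.5.0", "mask": "255.255.255.0"}],
     "peps": [{"name": "etep-br", "version": "1.3"}]},
]

if __name__ == "__main__":
    print("non-supporting network sets:", validate_policy(POLICY))
    print("10.7.20.9 in HQ set:", matches("10.7.20.9", "10.0.20.0", "255.0.255.0"))
```

The mask 255.0.255.0 in the sample ignores the second octet, so 10.7.20.9 and 10.200.20.9 both fall in the HQ network while 10.7.21.9 does not.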

Packet Fragments are Discarded in Point-to-Point Port-based Policies

Packet fragments are incorrectly discarded in point-to-point port-based policies when packets exceed the PMTU and are therefore fragmented and reassembled. This occurs only when the ETEP Encryption Policy Setting is configured as Layer 3:IP (ETEMS Features tab), and any of the following conditions is met:

When the ETPM policy type is Bypass, the ETEP discards packet fragments in Layer 3 and Layer 4 policies.

When the ETPM policy type is IPSec, the ETEP discards Layer 3 packet fragments.

When the ETPM policy type is IPSec, the ETEP discards Layer 4 packet fragments when the Reassembly mode is set to Gateway.

Workarounds:

Create a point-to-point policy that is not port-based. In the ETPM policy editor, select “Any port” as the Source Port and Destination Port in the Network Set Point A and Network Set Point B areas.

If you require a port-based policy, increase the PMTU on the ETEPs to avoid packet fragmentation.

Solving Network Connectivity Problems

If traffic is not being passed and it is not due to policy priority errors, you might have problems with network connectivity, which can prevent new keys from being distributed to the PEPs before the old keys expire.

To avoid this, for each of your primary policies, create a secondary policy that targets the same traffic and set the Renew keys/Refresh lifetime to zero (0). The zero value ensures that the keys never expire. Assign this policy a lower priority than the primary policy. If the keys for the primary policy on the PEP expire before new keys arrive, the secondary policy takes effect. Traffic continues to flow and stays secure until the connectivity issues are resolved and the PEPs receive new keys for the primary policy.
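The fallback arrangement described above can be modeled and audited as follows. This Python sketch is an added example, not ETPM code: the `Policy` fields, the policy names, the hour unit for the lifetime and the convention that a larger number means higher priority are all assumptions of the sketch, and the sample data is constructed.

```python
from dataclasses import dataclass

NEVER = 0  # Renew keys/Refresh lifetime of zero: keys never expire (per the guide)

@dataclass(frozen=True)
class Policy:
    name: str
    priority: int     # assumption: larger number = higher priority
    selector: tuple   # (source network, destination network) the policy targets
    lifetime_h: int   # assumption: lifetime in hours; 0 = never expire

def keys_valid(p: Policy, hours_since_delivery: int) -> bool:
    """Keys stay usable until the lifetime passes without a fresh delivery."""
    return p.lifetime_h == NEVER or hours_since_delivery < p.lifetime_h

def active_policy(policies, selector, hours_since_delivery):
    """Highest-priority policy for this traffic whose keys are still valid, else None."""
    live = [p for p in policies
            if p.selector == selector and keys_valid(p, hours_since_delivery)]
    return max(live, key=lambda p: p.priority, default=None)

def missing_fallback(policies):
    """Names of expiring policies with no lower-priority, never-expiring twin."""
    flagged = []
    for p in policies:
        if p.lifetime_h == NEVER:
            continue
        has_twin = any(s.selector == p.selector and s.lifetime_h == NEVER
                       and s.priority < p.priority for s in policies)
        if not has_twin:
            flagged.append(p.name)
    return flagged

# Constructed sample: site A<->B has a fallback policy, site A<->C does not.
SITE_AB = ("10.1.0.0/16", "10.2.0.0/16")
SITE_AC = ("10.1.0.0/16", "10.3.0.0/16")
POLICIES = [
    Policy("ab-primary", 2000, SITE_AB, 24),
    Policy("ab-fallback", 1000, SITE_AB, NEVER),
    Policy("ac-primary", 2000, SITE_AC, 24),
]

if __name__ == "__main__":
    for hours in (3, 30):  # 30 h models an outage longer than the 24 h lifetime
        for sel in (SITE_AB, SITE_AC):
            p = active_policy(POLICIES, sel, hours)
            print(hours, sel, p.name if p else "no valid keys")
    print("primaries without a fallback:", missing_fallback(POLICIES))
```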

When you have a connectivity problem, start ETPM and click Refresh Status. If the status shown in the Policy View returns a [icon] indicator, the interruption may have been temporary. In this case, you can re-establish the keys by clicking Renew Keys from the ETPM.

When you have a network connectivity problem and a PEP status indicator returns an error, you can locate the affected communication link by checking log files.


EncrypTight User Guide


EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.