Interface Configuration

preserves the network addressing of the protected network by copying the original source IP and MAC addresses from the incoming packet to the outbound packet header.

In transparent mode the ETEP’s remote and local ports are not viewable from a network standpoint. The local and remote ports do not use user-assigned IP addresses. In Layer 3 IP networks the local and remote ports cannot be contacted through an IP address, and they do not respond to ARPs. The ETEP is also transparent in Ethernet networks when configured as a Layer 2 encryptor.

If you want to conceal the original source IP address when sending encrypted traffic, configure the ETEP to operate in non-transparent mode. In non-transparent mode, the original source IP address in the outbound packet header is replaced with either an IP address for the remote port or a virtual IP address. The ETEP port MAC address is used as the packet’s source MAC address. You must assign IP addresses to the local and remote ports when configuring the ETEP for this mode of operation.

Non-transparency settings apply only when the ETEP is configured for Layer 3 operation and being used in a distributed key policy that uses a virtual IP address or remote IP address.

Table 87

When to use transparent mode

 

 

 

Policy Type

Mode of operation

Layer 2 policies (distributed key mesh and stand-alone point-to-point)

Transparent mode

Layer 3 distributed key policy:

Transparent mode

Copy the original source IP address to the encryption header

 

 

 

Layer 3 distributed key policy:

Non-transparent mode

Conceal the original source IP address and replace it with one of the

 

following:

 

 

ETEP remote port IP address. This forces traffic through a specific ETEP.

User defined virtual IP address. This is useful for load balanced traffic over a private data network, or when sending traffic over the public internet.

Related topics:

“Network Addressing for IP Networks” on page 35

“Addressing Mode” on page 185

“Local and Remote Port IP Addresses” on page 307

“Encryption Policy Settings” on page 334

Local and Remote Port IP Addresses

When transparent mode is disabled, you need to assign an IP address, subnet mask, and default gateway to the local and remote ports. The remote port connects the ETEP to an untrusted network, which is typically a WAN, campus LAN, or MAN. The local port IP address identifies the ETEP to the device on the local side of the network, such as a server or a switch.

NOTE

If you change the remote IP address on an ETEP that is already deployed in a policy, you must redeploy your policies after the new configuration is pushed to the appliance.

EncrypTight User Guide

307

Page 306
Image 306
Black Box EncrypTight Local and Remote Port IP Addresses, When to use transparent mode, Policy Type Mode of operation

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.