From the sending end, you use something like a message filter to target which messages get encrypted. Before AsyncOS 5.5, you'd need to redirect such messages to a standalone PostX encryption appliance, but as of 5.5 the encryption ability is built in to AsyncOS. You can either run your own key server or have IronPort host your keys for you. At least, that's how it was explained to me. I have no idea what sort of management burden is associated with either of those two choices.
I am an engineer for Coleman Technologies, Inc., an IronPort partner, and have done a few on-box C-Series email encryption installs out in the field and just finished our implementation on our internal box.
The install is pretty straightforward and very simple. Once your C-Series is provisioned for Luxor (5.5 code) and your box has been upgraded (the admin interface is changed and is much cleaner with drop-down menus), you would then go under "Security Services" and then choose the new "IronPort Email Encryption" option. Read through the ULA and accept.
You will then be taken to the "IronPort Email Encryption Settings" page where you will create a profile by clicking the "Add Encryption Profile" button. Give the profile a name (I typically use the domain of the company, so for our case ctiusa.com).
For key service type select "Cisco Registered Envelope Service", and select High or Medium message security (medium = No password entry required if recipient credentials are cached), then submit and commit.
Once you've done that, click on the provision button next to the profile you've just created. Once your profile has been provisioned (the button will now say "re-provision"), you will then set up an outbound content filter to trigger the encryption.
If anyone has any specific questions, just shoot me an email at firstname.lastname@example.org and I'd be more than happy to answer.