XT Encrypted Ethernet Tunnel Appliance

XT Encrypted Ethernet Tunnel Family

  • Creates encrypted or non-encrypted tunnels through WAN ethernet links
  • Ideal for voice, video, VOIP, and ROIP tunnelling applications
  • Client software is available for PCs
  • Industrial rated products
  • AC and DC power supply options
  • Models with 10/100/1000 Base-T Eethernet interfaces
  • Supports dynamic DNS
  • Some models contain an internal four port switch
  • Models with multiple independent ethernet ports
  • Easy to setup and maintain
  • Each server unit supports multiple client units
  • May be configured as a server, client, or both
  • Tunnels multicast and all other ethernet protocols over either UDP/IP or TCP/IP links
  • AES 128, 192 or 256 bit encryption
  • Any unit may be configured for primary and redundant connections
  • Bridge/Tunnel supports 4,096 MAC addresses
  • Remote PCs appear to be on the local network due to our bridging technology
  • Supports 802.1Q tagged V-LAN trunks
  • Extensive filtering on many combinations of MAC, IP, and Protocol conditions
  • Auxillary single Port Terminal Server Functionality
  • NAT friendly
  • Extensive logging and diagnostic tools
  • Compatible with other DCB tunnels... UT, ET, and XT series products of any vintage interoprate
Model Maximum Throughput
(Varies with Packet size)
XT-3306 15 Mbps 8 $ 700
XT-6606 63 Mbps 50 $ 2250
XT-6632 700-789 Mbps 128 $ 4695

XT-3306 Front View

XT-6606 Front View

XT-6632 Front View

Quick Links

How To Order
Common Features
XT-3306 Features
XT-6606 Features
XT-6632 Features
Application Notes
Download a PDF copy of the XT-3306 data sheet
Download a PDF copy of the XT-6606 data sheet
Download a PDF copy of the XT-6632 data sheet
Download a PDF copy of the XT User Manual

Common Applications

  • Tunneling multicast voice and video through public and/or private networks using efficient unicast UDP/IP
  • VLAN –Tunnel multiple VLAN segments through an external IP network
  • Serving remote offices over tunneled networks to ease network administration, provide remote file and device access
  • Utilities, NERC & CIPS: Critical Infrastructure Protection, gas and oil production, pipelines, electric generation, transmission and distribution
  • Retail – Stores, kiosks, credit card machines --- especially those using wireless links
  • Law Enforcement – Small remote offices
  • Medical – AES encryption meets HIPAA requirement for securing data over open networks such as the Internet. Ideal for emergency and portable medical operations.
  • Field or sales personnel working in temporary and remote locations.
  • Financial industry – Additional security on internal corporate links, branch offices, ATM machines, key personnel remote secure access.
  • Added security within a large corporate network
  • Temporary remote locations... remote broadcast, ENG, emergency dispatch
  • Remote network monitoring via the Internet
  • CIPS: Secure remote SCADA networks, extend the Electronic Security Perimeter


XT products create an encrypted tunnel through IP networks. They create an encrypted Layer 2 tunel via Layer 3 IP networks. In it's most simple form, the XT is a "lump in the cord" between a protected LAN and an unprotected WAN.

XTs use either UDP/IP or TCP/IP for transport between units, and are compatible with other XT units as well as DCB's UT and ET products. The UT-Soft software client also works well with XT servers to provide a remote PC client.

XT series products operate in server-client pairs (or using multiple clients and servers in a system).

The XT series encrypts the path between units using AES encryption. AES is the US Government standard. 128.192, or 256 bit AES encryption are supported.

Depending upon the model, XT trusted ports are either ethernet 10/100BaseT or 10/100/1000BaseT. The WAN, or untrusted, data port is an ethernet port running 10/100BaseT or 10/100/1000BaseT. WAN port data can be sent encrypted or unencrypted. The serial port is used only for setup.

The XT tunnels operate through firewalls with only one UDP port of your choice opened. It bridges all ethernet protocols including IPX, IP, NetBEUI, VOIP, ROIP, and other proprietary protocols as well as multi-cast. The XT series is straight-forward, easy to configure and maintain. Each XT encrypts an entire location for 100s of PCs and other devices.

Units configured as a server typically has a fixed IP address. Clients may have fixed IP addresses or obtain a dynamic address. Dynamic DNS is also supported for server locations that do not have a fixed address available.

Upon power-up, the clients attempt to create a persistant connection to the configured server. If a redundant server is configured, there is automatic fail-over between the primary and redundant server with automatic recovery when the primary link is again available.

Most XT products contain a serial port may be configured as a single port terminal server. This allows the XT to interoperate with DCB's EtherPoll SCADA communications system and other encrypted XT devices. This also provides an encrypted connection for the serial data.

The XT series provides state-of-the-art straight-forward, easy to configure AES encryption security without the configuration complexity of normal VPNs.

For encryption of serial RS-232 links not involving ethernet or IP, see our SE-6600 product line.

Due to the encryption employed in these products, XT series products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. Some are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1. They are shippable to most other countries. Please call if you have any export questions.


XT Common Features

XT-3306 Features

XT-6606 Specifications

XT-6632 Specifications


How it works

The XT family products create an encrypted tunnel which passes Ethernet packets between two trusted LAN segments. All ethernet protocols are bridged between the units. The XT operates in conjunction with other XT, ET, UT units and UT-Soft. One unit is required for each location. Multiple client units may be connected to the same host unit, and a client may be connected to multiple host units (daisy-chained operation). A host unit may be configured to block client-unit to client-unit connections, or to allow them. All XT series units are compatible. The following application notes were written for the UT and ET series products. The concepts and many operational details are identical to those of the XT products.

The Facts, Please.

Read the encryptor FAQ for quick answers to questions others have asked. Just click here.

All DCB ethenet encryptors operate similarly, with differences being in the protocols, capabilities, and authentication methods. Since the topology is comparable for all of them, we show application notes for all these products together.

UT Product Security In Perspective
This document provides an overview of the UT security perspective as well as best practices for configuring UT encryptors.

Redundancy Techniques Using DCB Tunnel Devices and Software.
Users have come to rely on DCB tunnel products to implement secure networks for mission critical applications in which downtime must be kept to a minimum. Thus it is not unusual for customers to ask questions about techniques that may be applied to make the tunnel network more robust. This document describes some of those techniques with examples.

Quick-start guide to the XT-3306.
This application note guides the new XT-3306 user from opening the boxes to having a working encrypted tunnel between two XT-3306 units on a test bench. Step-by-step instructions make it quick and painless to learn the configuration process. One difference between the XT and the UT/ET families is that the XT allows the selection of TCP and UDP protocols for the tunnel path.

Troubleshooting guide for the above Quick-start.
If it didn't go well and doesn't immediately work, this guide offers some troubleshooting hints. Most people won't need this, but it's here if you do.

Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the Tunnel to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".

Using the UT Encrypted Bridges and UT-SOFT with IP Multicast.
Discusses applying the UT products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The UT supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks. The UT-SOFT software client allows any PC to be a securely connected node on a remote network

Motorola MIP 5000 VoIP Radio Console VPN Solution Guide
This Motorola produced MIP 5000 VoIP Radio Console VPN Solution Guide features a virtual private network (VPN) solution that has been tested with MIP 5000 VoIP Radio Console. The VPN solution uses a pair of encrypted Ethernet bridges to provide a secure Ethernet tunnel between the dispatch center and a remote MIP 5000 console. The secure Ethernet tunnel supports a remote console operator receiving audio from and transmitting audio to radio channels and other MIP 5000 consoles using AES encryption.

UT Tunnel Installation Note - "Living On a Wild Feed... Safely"
This short application note summarizes the options and requirements for directly connecting the untrusted interface of UT encrypted tunnels to the Internet. Yes, the UT tunnels may be safely living on the wild side of your firewalls and if properly configured appear to be a "black hole" to your adversaries!

Using the UT for Remote Management Applications Since the UT along with UT-Soft enables a remote workstation to have a virtual presence on a remote LAN segment, it's quite useful for network monitoring and analysis, similar to a RMON without the headaches. Download an application note that discusses using UT-Soft and our UT servers for remote LAN network montoring.

The UT series operates similarly to our ET series encrypted tunnel. The main difference between the two product lines is that the UT uses UDP/IP protocol for the tunnel link while the ET uses TCP/IP for the tunnel link protocol. The following ET application notes apply to the UT as well as the ET series.

ET Encrypted Bridge Quick-Start Installation Guide
A cookbook style quick start guide to installing the ET Encrypted Bridges. Illustrates common usage examples with fill-in-the-blank instructions.

ET-3302/6600 Encrypted Bridge Applications
Some ways the ET products are being used to tunnel IP traffic in the real world.

ET Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the ET to be located anywhere on the local LAN. Known around DCB as the "Single-Port Installation".

Using the ET Encrypted Bridges with 801.Q VLANs
Discusses configuring the ET products to handle 801.Q VLAN traffic. The ET supports 801.Q VLAN tagged packets, and allows a VLAN to span multiple IP networks.

Using the ET Encrypted Bridges with IP Multicast.
Discusses applying the ET products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The ET supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks.

Automating Dial-Up Router and Bridge PPP Connections
An application note that details one common method of automating the use of DCB routers and bridges to dial multiple remote locations on a scheduled or automated basis.

Applications Drawing

Questions? Phone us toll free at 800-432-2638

You may order these on-line, but if this is your first XT installation, we prefer that you phone us and discuss your application prior to ordering. Our consultations are always free!

Item Number Description Price Buy Now!
XT-3306 Encrypted XT Ethernet Tunnel Appliance (included 120VAC power supply) $ 700 Qty:
XT-6606 Encrypted XT Ethernet Tunnel Appliance (Includes 120VAC power supply) $ 2250 Qty:
XT-6632 Encrypted XT Ethernet Tunnel Appliance ( 120VAC power ) $4695 Qty:
XT-48VDC 36-72 VDC external power supply option for XT-3306, XT-6606 $ 75 Qty:
XT-125VDC 125 VDC external power supply option for XT-3306, XT-6606 $ 125 Qty:
9902090 Optional DIN rail mounting clips for XT-3306 and XT-6606 $ 5 Qty:

Data Comm for Business Inc.
2949 County Road 1000 E
Dewey, Il 61840
Voice: 217-897-6600
Toll Free: 800-4-DCB-NET
Toll Free: 800-432-2638
Email: Contact Page
Web: www.dcbnet.com
Fax: 217-897-8023
All DCB web pages copyright ©1995- Data Comm for Business, All rights reserved.
EtherPath®, EtherSeries®, EtherPoll®, EtherBridge® and EtherModem® are Registered Trademarks of Data Comm for Business, Inc.