Encrypted UDP Tunnel  with 1 untrusted, 4 trusted Ports, 10 Mbps, 8 remote Clients-0

Encrypted UDP Tunnel with 1 untrusted, 4 trusted Ports, 10 Mbps, 8 remote Clients


In stock

SKU: UT-3302 Category:



The UT-3302 is a compact, industrial temperature rated device (Internet Appliance) that tunnels all ethernet protocols (layer2 Ethernet) through any UDP/IP connection. The tunnel can be encrypted with AES or non-encrypted. The UT-3302 features five Ethernet LAN ports, a 4 port switch on trusted interface and a serial setup port.

The UT-3302 encrypts data between private networks using the public Internet or any other network as the transport. This creates a flat, bridged network, a private network within public or private networks.

Each UT-3302 can be a client or server. All UT series products operate in server-client combinations (or using multiple clients and servers in a system). The UT-3302 can be a server unit for other UT-3302s, or PCs running UT-SOFT client software. The UT-3302 can also be a client device bridging it’s local LAN to another UT-3302 or UT-6602 configured as a server. The UT-3302 supports up to 8 client UT locations, the UT-6602 supports 50 client UT units. Other models support 100 or more remote UT client locations.

The UT series uses AES 128, 192 or 256 bit encryption. AES is the US Government standard required for Critical Infrastructure Protection (CIPS) networks used in electrical power and utility communications. Additional features support the CIPS requirements such as password criteria, login banners, individual port enable/disable, and others.

Each of the four ethernet ports on the trusted side of the UT may be VLAN tagged (802.1q tagging) and interoperate with other VLAN equipment. Or, the UT connection can be configured as a VLAN trunk.

The UT-3302 network interfaces are Ethernet only. The UT-3302 has external 12, 24 and 48 volt options.

The UT series operates through firewalls with only one port of your choice opened. It bridges all Ethernet protocols including IPX, IP, NetBEUI, SIP, streaming, and other proprietary protocols. The UT series is straight-forward, easy to configure and maintain. The UT series has state-of-the-art AES encryption security without the configuration complexity of VPN.

The serial port of the UT-3302 functions as a TCP/IP or UDP/IP serial port “serial-server” or may be used for initial setup of IP address. The serial port may be used for initial IP address configuration. It interoperates with other DCB EtherPath or EtherPoll serial servers, and may be used to provide an AES encrypted serial link through any UDP/IP network.

For encryption of serial RS-232 links not involving ethernet or IP, see our SE-6600 product line.

Due to the encryption employed in these products, UT series products are export controlled items and are regulated by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce. The UT-6602 and UT-3302 are classified as mass market encryption devices and may not be exported or shipped for re-export to restricted countries in Country Group E:1. They are shippable to most other countries.



  • One asynchronous DE-9P RS232 serial port provides TCP/IP or UDP/IP serial server functions or initial IP address setup
  • Two Ethernet ports, 10/100BaseT, MDI/MDIX, half/full duplex, with 4-port switch on the trusted interface
  • Sustained throughput of 10 Mbps with AES encryption mode
  • Up to 6,000 PPS throughput, depending upon packet size
  • Connect up to 8 remote client UTs to one UT configured as a server
  • MAC bridging table supports 2,048 entries
  • Ethernet ports configurable as 802.1q VLAN
  • Traverses firewalls through a single port, any port, with port 22 the default port
  • Communicates with UT-6600,UT-6601, UT-3300 and UT-Soft products

Protocol Features

  • AES 128, 192, and 256 bit encryption
  • Dynamic DNS support
  • Auto-Disconnect timers
  • Automatic fail-over for critical links
  • Web browser configuration and management from local or remote trusted interface
  • Default IP address:
  • Initial IP address may be configured via local serial terminal
  • Supports 802.1Q VLAN as a trunk or individual ports
  • Extensive filtering on MAC, IP, and Protocol
  • Tunnels multicast packets and all ethernet protocols
  • Serial Port is compatible with DCB EtherPoll and EtherPath serial server functionality
  • NAT and firewall friendly


  • Sustained throughput greater than 10 Mbps with AES encryption
  • Up to 6,000 packets per second throughput, depending upon packet size
  • MAC table supports 2,048 entries
  • Trusted interface four port switch is wire-speed


  • Side – Power, port activity (2)
  • Front – LAN connection, LAN activity (per port)


  • Power requirements: 10 to 18 VDC, 6 watts
  • Wide range 24, 48, and 125 VDC options are available
  • Supplied with 120-240 VAC external power supply
  • 5″ x 3.75″ x 1″
  • Shipping weight one pound


  • Operational Temperature: -20 to +70 C
  • Storage Temperature: -50 to +85 C
  • Humidity: Non-condensing
  • Power Supply Options may affect temperature specifications


How it works

The UT family products create an encrypted tunnel which passes Ethernet packets between two trusted LAN segments. All ethernet protocols are bridged between the UT units. The UT only operates in conjunction with other UT units. One unit is required for each location. Multiple client units may be connected to the same host unit, and a client may be connected to multiple host units (daisy-chained operation). A host unit may be configured to block client-unit to client-unit connections, or to allow them. All UT series units are compatible.

Download a copy of the manual.

Download the UT Remote Management Applications Note. Since the UT along with UT-Soft enables a remote workstation to have a virtual presence on a remote LAN segment, it’s quite useful for network monitoring and analysis, similar to a RMON without the headaches. Download an application note that discusses using UT-Soft and our UT servers for remote LAN network montoring.

The UT series operates similarly to our ET series encrypted tunnel. The main difference between the two product lines is that the UT uses UDP/IP protocol for the tunnel link while the ET uses TCP/IP for the tunnel link protocol. The following ET application notes apply to the UT as well as the ET series.

Using the UT Encrypted Bridges and UT-SOFT with IP Multicast.
Discusses applying the UT products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The UT supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks. The UT-SOFT software client allows any PC to be a securely connected node on a remote network
Motorola MIP 5000 VoIP Radio Console VPN Solution Guide
This Motorola produced MIP 5000 VoIP Radio Console VPN Solution Guide features a virtual private network (VPN) solution that has been tested with MIP 5000 VoIP Radio Console. The VPN solution uses a pair of encrypted Ethernet bridges to provide a secure Ethernet tunnel between the dispatch center and a remote MIP 5000 console. The secure Ethernet tunnel supports a remote console operator receiving audio from and transmitting audio to radio channels and other MIP 5000 consoles using AES encryption.

ET Encrypted Bridge Quick-Start Installation Guide
A cookbook style quick start guide to installing the ET Encrypted Bridges. Illustrates common usage examples with fill-in-the-blank instructions.

ET-3302/6600 Encrypted Bridge Applications
Some ways the ET products are being used to tunnel IP traffic in the real world.
Using the ET-6601 Encrypted Bridge with EVDO & Wifi
Discusses using the ET-6601 with high speed cellular modems and 802.11 Wifi wide area connections.
ET Encrypted Bridge Installation Option
An application note describing an appliance-like installation that allows the ET to be located anywhere on the local LAN. Known around DCB as the “Single-Port Installation”.

Using the ET Encrypted Bridges with 801.Q VLANs
Discusses configuring the ET products to handle 801.Q VLAN traffic. The ET supports 801.Q VLAN tagged packets, and allows a VLAN to span multiple IP networks.

Using the ET Encrypted Bridges with IP Multicast.
Discusses applying the ET products to transport VOIP multicast via non-multicast wide area networks. Examples showing IP voice dispatch radios for public service agencies. The ET supports multi-cast IP over normal uni-cast networks and allows a private multi-cast network to span multiple IP networks.
Automating Dial-Up Router and Bridge PPP Connections
An application note that details one common method of automating the use of IP-6600 routers and ET-6600 bridges to dial multiple remote locations on a scheduled or automated basis.

Applications Drawing

UT-3302 Encrypted UT ethernet Tunnel Appliance, includes external 120 VAC power supply
9501090 18-35 VDC external power supply option
9501091 36-72 VDC external power supply option
9501081 125 VDC external power supply option

Additional information

Weight 2 lbs
Dimensions 5 × 5 × 5 in