HP-UX IPFilter Version 17 Administrator's Guide

NOTE: If IPSec is configured to use AH rather than ESP, you must configure IPFilter to let
protocol 51 traffic pass. If IPSec uses nested AH and ESP, IPFilter can be configured to let only
protocol 51 (ah) traffic pass.
14.5 IPSec Gateways
You can configure IPSec to encrypt and authenticate traffic to a gateway between two end hosts.
A configuration that encrypts IPSec packets to a gateway is called an IPSec tunnel.
IPFilter can coexist with IPSec tunnels without conflict. However, you must configure IPFilter
to allow IPSec traffic with the gateway instead of the end node. The IPFilter rules must pass
the UDP/500 and protocol 50/51 traffic to and from the gateway IP address rather than the
end node IP address.
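
The following ruleset is an added illustration, not taken from the guide, of how the rules for a tunnel differ from rules written for the end node. All three IP addresses are constructed values from the documentation address ranges.

```conf
# Constructed addresses (assumptions, not from the guide):
#   192.0.2.10    local host running IPFilter and IPSec
#   198.51.100.1  IPSec gateway (tunnel endpoint)
#   203.0.113.20  remote end node behind the gateway

# Mis-addressed for a tunnel: these rules name the end node, but the
# IKE and ESP packets are exchanged with the gateway address.
# pass in  quick proto udp from 203.0.113.20 port = 500 to 192.0.2.10 port = 500
# pass in  quick proto 50  from 203.0.113.20 to 192.0.2.10

# Corrected: UDP/500 to and from the gateway address
pass in  quick proto udp from 198.51.100.1 port = 500 to 192.0.2.10 port = 500
pass out quick proto udp from 192.0.2.10 port = 500 to 198.51.100.1 port = 500

# Protocol 50 (ESP) to and from the gateway address
pass in  quick proto 50 from 198.51.100.1 to 192.0.2.10
pass out quick proto 50 from 192.0.2.10 to 198.51.100.1

# Protocol 51 (AH), needed when IPSec is configured to use AH
pass in  quick proto 51 from 198.51.100.1 to 192.0.2.10
pass out quick proto 51 from 192.0.2.10 to 198.51.100.1
```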