HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX IPFilter and IPSec
IPFilter and IPSec Basics
IPSec and IPFilter will not panic or corrupt each other. However, there
are situations in which one product might block traffic for the other. The
following figure shows the positions of IPFilter and IPSec in the network
stack:
Figure 9-1 IPFilter and IPSec
IPFilter, which is below IPSec in the networking stack, filters network
packets before they reach IPSec. You can have both IPFilter and IPSec
configured and running on a machine without them negatively affecting
each other.
Figure 9-2 Scenario One
In Scenario One, you have IPFilter and IPSec on machine A with
IPFilter blocking packets from machine B and IPSec encrypting packets
from machine C. When a packet arrives at machine A, IPFilter checks to
see if it is from machine B, and, if so, blocks the packet. If not, the packet
continues up the stack to IPSec. IPSec checks to see if it is from machine
C. If so, the packet arrives encrypted.
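An IPFilter rule file for machine A in Scenario One, given as an added example that is not from the original guide. The addresses are constructed placeholders (192.0.2.66 for machine B, 192.0.2.67 for machine C), and the pass rules assume that C's IPSec policy uses IKE on UDP port 500 with ESP or AH.

```conf
# Added example, not from the original guide. Constructed addresses:
#   192.0.2.66 = machine B, 192.0.2.67 = machine C

# IPFilter sees every inbound packet before IPSec does, so B's traffic
# is dropped here and never reaches IPSec.
block in quick from 192.0.2.66 to any

# C's IPSec traffic also has to cross IPFilter before IPSec can process it.
# With only the block rule above, it passes as long as no other rule
# blocks it. If the rule set later gains a broader block rule, these
# "quick" pass rules placed ahead of it keep IPFilter from stopping
# IPSec traffic.

# IKE key negotiation (UDP port 500, assumed):
pass in quick proto udp from 192.0.2.67 port = 500 to any port = 500

# ESP (IP protocol 50) and AH (IP protocol 51):
pass in quick proto 50 from 192.0.2.67 to any
pass in quick proto 51 from 192.0.2.67 to any
```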
Diagram for Figure 9-1 (stack order, top to bottom):
IPSec
IPFilter
Diagram for Figure 9-2 (Scenario One):
B <---------------> A <-----------------> C
                 (IPSec)
                (IPFilter)             (IPSec)