HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX IPFilter and IPSec
When Traffic Appears to Be Blocked
In the following scenario, the configurations of IPFilter and IPSec
overlap. To get this negotiation through, you must configure IPFilter
rules to let TCP traffic through.
Figure 9-4 Scenario Three
In Scenario Three, IPSec is configured to encrypt TCP traffic between
machine A and machine B, and IPFilter is configured to block all TCP
traffic with the following rules:
block in proto TCP
block out proto TCP
[Diagram: machine A (10.10.10.10) and machine B (15.15.15.15), each running IPSec, connected by TCP; IPFilter blocks TCP.]
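The following added example (not from the HP guide) is a simplified Python model of ipf rule matching, run against the two block rules above as they would apply on machine A. The two pass rules in ASSUMED_PASS, the default-pass policy, and the host 192.0.2.7 are assumptions made for illustration; the model relies on ipf's behaviour that the last matching rule wins unless a rule is marked quick.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "pass" or "block"
    direction: str         # "in" or "out"
    quick: bool            # quick: stop at this rule when it matches
    proto: Optional[str]   # None means any protocol
    src: str               # source address or "any"
    dst: str               # destination address or "any"

def parse(line: str) -> Rule:
    """Parse the small subset of ipf syntax used on this page."""
    tok = line.lower().split()
    rest = tok[2:]
    proto = rest[rest.index("proto") + 1] if "proto" in rest else None
    src = rest[rest.index("from") + 1] if "from" in rest else "any"
    dst = rest[rest.index("to") + 1] if "to" in rest else "any"
    return Rule(tok[0], tok[1], "quick" in rest, proto, src, dst)

def decide(rules, direction, proto, src, dst, default="pass"):
    """Return the verdict for one packet; default policy is an assumption."""
    verdict = default
    for r in map(parse, rules):
        if r.direction != direction or r.proto not in (None, proto):
            continue
        if r.src not in ("any", src) or r.dst not in ("any", dst):
            continue
        verdict = r.action          # last matching rule wins ...
        if r.quick:                 # ... unless the rule is marked quick
            break
    return verdict

A, B = "10.10.10.10", "15.15.15.15"

# Rules exactly as shown in Scenario Three.
PAGE_RULES = ["block in proto TCP", "block out proto TCP"]

# Assumed pass rules for machine A (not taken from the guide).
ASSUMED_PASS = [
    "pass in proto tcp from 15.15.15.15 to 10.10.10.10",
    "pass out proto tcp from 10.10.10.10 to 15.15.15.15",
]

if __name__ == "__main__":
    for name, rs in (("page rules", PAGE_RULES),
                     ("page rules + pass", PAGE_RULES + ASSUMED_PASS),
                     ("pass + page rules", ASSUMED_PASS + PAGE_RULES)):
        print(f"{name:18} A->B tcp:", decide(rs, "out", "tcp", A, B))
```

Without quick, the pass rules only take effect when they come after the block rules; placed before them, the later block rules match last and the A-to-B traffic stays blocked.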