HP-UX IPSec version A.02.00 Administrator's Guide

Configuring HP-UX IPSec
Step 6: Configuring the Bypass List (Local IPv4 Addresses)
The bypass list specifies local IPv4 addresses that IPSec will bypass or
ignore. The system will not attempt to find an IPSec policy for packets
sent or received using an IP address in the bypass list, and the system
will process these packets as if HP-UX IPSec were not enabled.
The bypass list improves transmission rates for the addresses it
contains. It is useful in topologies where most of the network traffic
passes in clear text and you need to secure only selected traffic on
specific interfaces.
NOTE: The bypass list is not supported for IPv6 addresses.
If you do not need to configure bypass interfaces, go to “Step 7: Verify
Batch File Syntax” on page 104.
Logical Interfaces
An entry in the bypass interface list affects only the logical interface for
the IP address, not the physical interface (network card). If you have
multiple IP interfaces configured for a physical interface (for example,
lan0:0, lan0:1, and lan0:2) and you want IPSec to bypass all IP
addresses for that physical interface, you must enter all the IP addresses
for the physical interface in the bypass list.
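One way to check a planned bypass list against the logical-interface rule above, as an added example that is not part of the HP guide: the script groups logical interfaces by physical interface and reports cards that are only partially bypassed, along with IPv6 entries, which the bypass list does not support. The input formats (interface/address pairs, one bypass address per line), the function name audit_bypass, and all sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a bypass list against configured logical interfaces.
# Input formats are assumptions, not HP-UX IPSec batch file syntax.
LC_ALL=C; export LC_ALL

# Constructed sample data: "logical-interface address" pairs.
IFACES='lan0 192.0.2.10
lan0:1 192.0.2.11
lan0:2 192.0.2.12
lan1 198.51.100.5
lan1:1 198.51.100.6
lan2 203.0.113.7'

# Constructed sample data: one planned bypass address per line.
BYPASS='192.0.2.10
192.0.2.11
198.51.100.5
198.51.100.6
2001:db8::1
10.9.9.9'

# audit_bypass IFACE_PAIRS BYPASS_ADDRS
# Prints one sorted finding per line: FULL, PARTIAL or NONE per physical
# interface, NOT_LOCAL for bypass entries matching no local address, and
# UNSUPPORTED_IPV6 for IPv6 entries.
audit_bypass() {
    { printf '%s\n' "$2" | sed 's/^/B /'; printf '%s\n' "$1" | sed 's/^/I /'; } |
    awk '
    NF < 2 { next }                          # skip empty input lines
    $1 == "B" {                              # bypass entries arrive first
        if ($2 ~ /:/) { print "UNSUPPORTED_IPV6 " $2; next }
        bypass[$2] = 1; next
    }
    $1 == "I" {
        phys = $2; sub(/:.*/, "", phys)      # lan0:1 -> lan0
        total[phys]++; islocal[$3] = 1
        if ($3 in bypass) hit[phys]++
        else miss[phys] = miss[phys] " " $2 "=" $3
    }
    END {
        for (p in total) {
            if (hit[p] == total[p]) print "FULL " p
            else if (hit[p] > 0)    print "PARTIAL " p " not-bypassed:" miss[p]
            else                    print "NONE " p
        }
        for (a in bypass) if (!(a in islocal)) print "NOT_LOCAL " a
    }' | sort
}

audit_bypass "$IFACES" "$BYPASS"
```

A PARTIAL line names the logical interfaces on that card whose addresses still go through IPSec policy lookup; a FULL line means every address on the card is processed as if HP-UX IPSec were not enabled.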
Example
You have a critical application and must encrypt and authenticate its
network packets. All other IP traffic in the network can pass in clear
text. You configure additional logical interfaces (lan0:1) for the critical