HP-UX IPSec version A.02.00 Administrator's Guide

HP-UX IPSec and IPFilter
IPFilter and IPSec Basics
You can use HP-UX IPSec and HP-UX IPFilter on the same system.
However, there are situations in which one product might block traffic
for the other. The following figure shows the positions of IPFilter and
IPSec in the network stack:
Figure 6-1 IPFilter and IPSec
IPFilter, which is below IPSec in the networking stack, filters network
packets before they reach IPSec. You can have both IPFilter and IPSec
configured and running on a machine without them negatively affecting
each other.
Figure 6-2 IPFilter Scenario One
In Scenario One above, you have IPFilter and IPSec on machine A with
IPFilter blocking packets from machine B and IPSec encrypting packets
from machine C. When a packet arrives at machine A, IPFilter checks to
see if it is from machine B, and, if so, blocks the packet. If not, the
packet continues up the stack to IPSec. IPSec checks to see if it is from
machine C. If so, the packet arrives encrypted.
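[Figure 6-1 diagram: network stack with IPSec above IPFilter]
[Figure 6-2 diagram: B <---------------> A <-----------------> C, with IPFilter and IPSec on machine A and IPSec on machine C]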
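
The inbound order described in Scenario One, modelled as an added Python example (not code from the HP guide). The addresses are constructed, the function names are hypothetical, and the discard of cleartext from an IPSec peer is an assumed policy; the last sample shows how an IPFilter rule can hide a peer's traffic from IPSec.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation range), not from the guide.
MACHINE_B = "192.0.2.2"
MACHINE_C = "192.0.2.3"
OTHER = "192.0.2.9"
ESP = 50  # IP protocol number for ESP
TCP = 6   # IP protocol number for TCP


@dataclass(frozen=True)
class Packet:
    src: str    # outer source address
    proto: int  # outer IP protocol, all that the lower layer can see


def ipfilter_in(pkt, blocked_sources):
    """Lower layer: runs first and decides on the outer header only."""
    return "block" if pkt.src in blocked_sources else "pass"


def ipsec_in(pkt, ipsec_peers):
    """Upper layer: only sees packets that IPFilter passed."""
    if pkt.src in ipsec_peers:
        # Assumption: the policy for this peer requires ESP, so
        # cleartext from the peer is discarded.
        return "decrypt" if pkt.proto == ESP else "discard"
    return "cleartext"


def inbound(pkt, blocked_sources=frozenset({MACHINE_B}),
            ipsec_peers=frozenset({MACHINE_C})):
    """Return (layer that made the final decision, outcome) on machine A."""
    if ipfilter_in(pkt, blocked_sources) == "block":
        return ("ipfilter", "block")
    return ("ipsec", ipsec_in(pkt, ipsec_peers))


if __name__ == "__main__":
    both = frozenset({MACHINE_B, MACHINE_C})
    print(inbound(Packet(MACHINE_B, TCP)))   # blocked before IPSec sees it
    print(inbound(Packet(MACHINE_B, ESP)))   # ESP does not bypass IPFilter
    print(inbound(Packet(MACHINE_C, ESP)))   # reaches IPSec, decrypted
    print(inbound(Packet(OTHER, TCP)))       # no rule or policy matches
    # An IPFilter rule that also covers C stops the IPSec traffic itself.
    print(inbound(Packet(MACHINE_C, ESP), blocked_sources=both))
```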