HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec Overview
HP-UX IPSec Topologies
Chapter 1 59
Securing Access between the Client and DMZ Server
For added security, you can use IPsec between the client (system A in
Figure 1-17) and the gateway application server in the DMZ (B in
Figure 1-17). Alternatively you can deploy an IPsec VPN gateway
appliance on the external network. The IPsec VPN gateway appliance
and the gateway application server in the DMZ establish IPsec
gateway-to-gateway sessions. Client requests can go through the
external IPsec VPN gateway appliance to the gateway application server
in the DMZ and then to the backend server. The IPsec VPN gateway
enables clients to access the backend servers without having IPsec
locally installed.