HP-UX IPSec Version A.03.00 Administrator's Guide

HP-UX IPSec Topologies
You can use IPsec between hosts (end nodes), between gateways, and between a host and a
gateway in an IP network. You can install HP-UX IPSec only on end nodes. An HP-UX IPSec
system can have the following roles:
A host in a host-to-host IPsec topology
A host in a host-to-gateway IPsec topology
A host in a host-to-host IPsec tunnel topology, frequently referred to as an end-to-end tunnel.
End-to-end tunnels are commonly used in iSCSI topologies.
Uses for HP-UX IPSec include:
Providing host-to-host security within an intranet. You can use HP-UX IPSec to secure
intranet packets that carry sensitive data, such as personnel and payroll information.
Creating VPNs to allow external partners to access selected internal systems through the
public Internet.
Protecting backend servers in topologies that external clients access through application
gateway servers in an area outside corporate firewalls (demilitarized zone, or DMZ).
Host-to-Host Security Within an Internal Network
Two end hosts can run HP-UX IPSec locally to protect communication between them, with or
without intermediate gateways.
You can use HP-UX IPSec to secure sensitive network communication within an enterprise, such
as network communication for Human Resources (HR) or payroll groups. In Figure 1-13,
host-to-host IPsec secures all packets within the HR subnet, and between node E1 in the
engineering subnet and H1 in the HR subnet.
Figure 1-13 HP-UX IPSec Host-to-Host IPsec in an Internal Network
[Figure: the Engineering Department subnet (nodes E1, E2, E3) and the HR Department secure subnet (nodes H1, H2, H3) are joined by a router; IPsec runs on the end hosts, securing all traffic within the HR subnet and the traffic between E1 and H1.]
Host-to-Host VPN Across the Internet
IPsec can provide secure VPN tunnels through the public Internet. VPN tunnels protect packet
transfer from a remote workstation to a corporate intranet or link geographically dispersed
portions of an intranet without using expensive leased lines. VPN tunnels can also link the
computing facilities of business partners and secure mobile and wireless node communications.
In Figure 1-14, the supplier and manufacturer have separate intranets that are connected to the
public Internet using Internet Service Providers (ISPs). System A on the supplier's intranet and