HP-UX IPSec Version A.03.00 Administrator's Guide
In these scenarios, HP-UX IPSec can secure the host-to-host data path between the gateway
application server in the DMZ (B in Figure 1-16) and the backend server (C in Figure 1-16). You
must configure filtering on the gateway application server (B) to limit access to the backend
servers.
Figure 1-16 HP-UX IPSec Securing a Backend Server
[Figure labels: Supplier’s Intranet, Public Network, Manufacturer’s Intranet, Router, Screening Router, Firewall (two), IPSec, systems A, B, and C]
Securing Access between the Client and DMZ Server
For added security, you can use IPsec between the client (system A in Figure 1-16) and the
gateway application server in the DMZ (B in Figure 1-16). Alternatively, you can deploy an IPsec
VPN gateway appliance on the external network. The IPsec VPN gateway appliance and the
gateway application server in the DMZ establish IPsec gateway-to-gateway sessions. Client
requests can go through the external IPsec VPN gateway appliance to the gateway application
server in the DMZ and then to the backend server. The IPsec VPN gateway enables clients to
access the backend servers without having IPsec locally installed.
HP-UX IPSec Topologies 45