HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

HP-UX IPSec topologies
You can use IPsec between hosts (end nodes), between gateways, and between a host and a
gateway in an IP network. You can install HP-UX IPSec only on end nodes. An HP-UX IPSec system
can have the following roles:
• A host in a host-to-host IPsec topology
• A host in a host-to-gateway IPsec topology
• A host in a host-to-host IPsec tunnel topology, frequently referred to as an end-to-end tunnel.
  End-to-end tunnels are commonly used in iSCSI topologies.
• An HP-UX Mobile IPv6 Home Agent
Uses for HP-UX IPSec include:
• Providing host-to-host security within an intranet. You can use HP-UX IPSec to secure intranet
  packets that carry sensitive data, such as personnel and payroll information.
• Creating VPNs to allow external partners to access selected internal systems through the public
  Internet.
• Protecting backend servers in topologies that external clients access through application
  gateway servers in an area outside corporate firewalls (demilitarized zone, or DMZ).
Host-to-host security within an internal network
Two end hosts can run HP-UX IPSec locally to protect communication between them, with or without
intermediate gateways.
You can use HP-UX IPSec to secure sensitive network communication within an enterprise, such as
network communication for Human Resources (HR) or payroll groups. In Figure 9, host-to-host IPsec
secures all packets within the HR subnet, and between node E1 in the engineering subnet and H1
in the HR subnet.
Figure 9 HP-UX IPSec host-to-host IPsec in an internal network
[Figure labels: Engineering Department (nodes E1, E2, E3); HR Department, secure subnet (nodes H1, H2, H3); Router; IPSec]
Host-to-host VPN across the Internet
IPsec can provide secure VPN tunnels through the public Internet. VPN tunnels protect packet
transfer from a remote workstation to a corporate intranet or link geographically dispersed portions
of an intranet without using expensive leased lines. VPN tunnels can also link the computing facilities
of business partners and secure mobile and wireless node communications.