HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

connection to backend servers within the internal network and forward client requests to the backend
servers.
In these scenarios, HP-UX IPSec can secure the host-to-host data path between the gateway
application server in the DMZ (B in Figure 12) and the backend server (C in Figure 12). You must
configure filtering on the gateway application server (B) to limit access to the backend servers.
Figure 12 HP-UX IPSec securing a backend server
[Figure labels: Supplier’s Intranet, Public Network, Manufacturer’s Intranet, Screening Router, Router, Firewall (two), IPSec; systems A, B, and C]
Securing access between the client and DMZ server
For added security, you can use IPsec between the client (system A in Figure 12) and the gateway
application server in the DMZ (B in Figure 12). Alternatively, you can deploy an IPsec VPN gateway
appliance on the external network. The IPsec VPN gateway appliance and the gateway application
server in the DMZ establish IPsec gateway-to-gateway sessions. Client requests can go through the
external IPsec VPN gateway appliance to the gateway application server in the DMZ and then to
the backend server. The IPsec VPN gateway enables clients to access the backend servers without
having IPsec locally installed.