HP-UX IPSec Topologies

End-to-End Topology

Two end hosts can run HP-UX IPSec locally to protect communication between them, with or without intermediate gateways.

Figure 1-11 IPSec End-to-End Topology

End-to-Gateway Topology

In situations where the local subnet is a trusted network, HP-UX IPSec can be employed between an end host system and the gateway to provide security services between these systems, thereby creating a secure Virtual Private Network (VPN).

Figure 1-12 End Host-to-Gateway (VPN) Topology

	NOTE: In an End-to-Gateway topology, the gateway cannot be an HP-UX system.

Figure 1-13 End-to-Gateway IPSec Topology

End-to-End Tunnel Topology

Two end hosts with HP-UX IPSec protection can configure a tunnel policy that securely protects traffic between them. The tunnel adds extra protection; an intruder cannot see the real IP headers of packets traveling between the hosts.

End-to-end tunnel topology is commonly used in an iSCSI environment.

Figure 1-14 End-to-End Tunnel Topology

Gateway-to-Gateway Topology

Two hosts each reside upon insecure networks (such as insecure intranets). These hosts need to communicate securely over an insecure public network (such as the Internet). HP-UX IPSec can be used over a tunnel between two (non-HP) IPSec gateways to provide additional end-to-end security.

Figure 1-15 IPSec Gateway-to-Gateway Topology