IPSec can be employed between hosts (that is, end nodes),
between gateways, or between a host and a gateway in an IP network.
HP-UX IPSec can only be installed on end nodes.
Installing HP-UX IPSec on an HP-UX system that is a router
or gateway is not supported, except when the system is used as an
HP-UX Mobile IPv6 Home Agent. See Chapter 7 “HP-UX IPSec and HP-UX
Mobile IPv6” for more information.

Host-to-Host Topology

Two end hosts can run HP-UX IPSec locally to protect communication between
them, with or without intermediate gateways.

Host-to-Host Tunnel Topology

Two end hosts with HP-UX IPSec protection can configure a
tunnel policy that securely protects traffic between them. The tunnel
adds extra protection; an intruder cannot see the real IP headers
of packets traveling between the hosts.
The host-to-host tunnel topology is commonly used in an iSCSI environment.

Gateway-to-Gateway Topology

Two hosts each reside on insecure networks (such as insecure intranets).
These hosts need to communicate securely over an insecure public
network (such as the Internet). HP-UX IPSec can be used over a tunnel
between two (non-HP) IPSec gateways to provide additional end-to-end
security.