HP-UX 11i IPsec
HP-UX 11i IPsec provides authentication, integrity, and confidentiality of end-to-end communication ensuring that the data exchange is done in a secure way. It implements a family of interrelated protocols, including the Authentication Header (AH), the Encapsulating Security Payload (ESP), the Internet Key Exchange (IKE), and the Internet Security Association Key Management Protocol/Oakley (ISAKAMP/Oakley).

AH and ESP define encryption and authentication methods for IP payloads. IKE and ISAKMP manage the exchange of secret keys, authenticate the communicating parties, and manage their security associations (SA). IKE dynamically manages and generates the secret cryptography keys used to encrypt and authenticate IP packets. ISAKMP/Oakley allows a receiver to obtain a public key and authenticate a sender using digital certificates.

IPSec supports two encryption modes: Transport and Tunnel. In Transport mode, IPSec provides host-to-host security for a host running IPSec from HP or non-HP vendors. Transport mode encrypts only the data (payload) of each packet, leaving the header unencrypted. In Tunnel mode, IPSec implements tunnels to a gateway running IPSec from non-HP vendors. Tunnel mode encrypts both the header and the payload; the receiving IPSec-compliant device must decrypt each packet.