Using Internet Protocol Security with Network Address Translation and Internet Security Acceleration Server (314764)

SUMMARY

This article discusses the interoperability of Internet Protocol Security (IPSec) and Translation technologies. The translation technologies discussed in this article are Network Address Translation (NAT) and Internet Security Acceleration (ISA) Server.

MORE INFORMATION

IPsec

IPsec is a set of protocols that supports a secure exchange of packets over an Internet Protocol (IP). Virtual Private Networks (VPNs) typically use IPs.

IPsec and Translation Technologies

IPsec traffic cannot pass through any translation technologies. However, IPsec supports two encryption modes: IPsec Transport Mode and IPsec Tunnel Mode.

IPsec Transport Mode

IPsec Transport Mode encrypts the data portion of each packet, but does not encrypt the header. You can make IPsec Transport Mode connections when the endpoints are the translation technologies, for example IPsec Transport Mode works between two computers that run Windows 2000 NAT.

IPsec Transport Mode protects only the data between the two peers unless Layer Two Tunneling Protocol (L2TP)/IPsec is used with the Routing and Remote Access service.

Note: L2TP/IPsec uses the IPsec Transport Mode.

IPsec Tunnel Mode

IPsec Tunnel Mode encrypts both the data portion and the header of the packet. IPsec Tunnel Mode does not work directly with an endpoint that runs Network Address Translation (NAT) or Internet Security Acceleration Server (ISA).

Note: ISA is based on Windows 2000 NAT.