Using Internet Protocol Security with Network Address Translation and Internet Security Acceleration Server

Article translations Article translations
Article ID: 314764 - View products that this article applies to.
This article was previously published under Q314764
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SUMMARY

This article discusses the interoperability of Internet Protocol Security (IPSec) and Translation technologies. The translation technologies discussed in this article are Network Address Translation (NAT) and Internet Security Acceleration (ISA) Server.

MORE INFORMATION

IPsec

IPsec is a set of protocols that supports a secure exchange of packets over an Internet Protocol (IP). Virtual Private Networks (VPNs) typically use IPs.

IPsec and Translation Technologies

IPsec traffic cannot pass through any translation technologies. However, IPsec supports two encryption modes: IPsec Transport Mode and IPsec Tunnel Mode.

IPsec Transport Mode

IPsec Transport Mode encrypts the data portion of each packet, but does not encrypt the header. You can make IPsec Transport Mode connections when the endpoints are the translation technologies, for example IPsec Transport Mode works between two computers that run Windows 2000 NAT.

IPsec Transport Mode protects only the data between the two peers unless Layer Two Tunneling Protocol (L2TP)/IPsec is used with the Routing and Remote Access service.

Note: L2TP/IPsec uses the IPsec Transport Mode.

IPsec Tunnel Mode

IPsec Tunnel Mode encrypts both the data portion and the header of the packet. IPsec Tunnel Mode does not work directly with an endpoint that runs Network Address Translation (NAT) or Internet Security Acceleration Server (ISA).

Note: ISA is based on Windows 2000 NAT.

Properties

Article ID: 314764 - Last Review: October 24, 2013 - Revision: 3.1
APPLIES TO
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
Keywords: 
kbnosurvey kbarchive kbinfo KB314764

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com