Article ID: 314764 - View products that this article applies to.
This article was previously published under Q314764
This article has been archived. It is offered "as is" and will no longer be updated.
This article discusses the interoperability of Internet Protocol Security (IPSec) and Translation technologies. The translation technologies discussed in this article are Network Address Translation (NAT) and Internet Security Acceleration (ISA) Server.
IPsecIPsec is a set of protocols that supports a secure exchange of packets over an Internet Protocol (IP). Virtual Private Networks (VPNs) typically use IPs.
IPsec and Translation TechnologiesIPsec traffic cannot pass through any translation technologies. However, IPsec supports two encryption modes: IPsec Transport Mode and IPsec Tunnel Mode.
IPsec Transport ModeIPsec Transport Mode encrypts the data portion of each packet, but does not encrypt the header. You can make IPsec Transport Mode connections when the endpoints are the translation technologies, for example IPsec Transport Mode works between two computers that run Windows 2000 NAT.
IPsec Transport Mode protects only the data between the two peers unless Layer Two Tunneling Protocol (L2TP)/IPsec is used with the Routing and Remote Access service.
Note: L2TP/IPsec uses the IPsec Transport Mode.
IPsec Tunnel ModeIPsec Tunnel Mode encrypts both the data portion and the header of the packet. IPsec Tunnel Mode does not work directly with an endpoint that runs Network Address Translation (NAT) or Internet Security Acceleration Server (ISA).
Note: ISA is based on Windows 2000 NAT.
Article ID: 314764 - Last Review: October 24, 2013 - Revision: 3.1