Abstract: The conventional address translation techniques cannot allow multiple terminal devices to be accessed by using one identical port number because they can associates one port number with only one device if the terminals do not support encapsulation. According to the present invention, access from a global network to a private network is restricted in accordance with an access control rule established for each device or network sending a packet. Furthermore, address translation is performed in accordance with address translation rules established on a per sending device basis to provide communication between a global network and a private network. When a connection request is received from the global network and if authentication of the connection request is successful, an access control rule is established on a per sending device basis or on a per sending network basis and recorded. After the communication ends, the added access control rule and address translation rule are deleted.

Abstract: When a packet is received from a counterpart apparatus 3 connected to the Internet 2, it is determined by a decryption determination part 16 whether to decrypt or bypass the received packet by referring to a filter information storage part 15 based on a sending source and sending destination IP addresses and port numbers and a protocol. If it is determined that decryption is to be performed, then the received packet is decrypted based on cryptographic communication channel information agreed in advance between the counterpart apparatus 3 and a terminal 5 which does not have an IPSec function, in a cryptographic communication channel information storage part 12, and sent to the terminal 5.

Abstract: The conventional address translation techniques cannot allow multiple terminal devices to be accessed by using one identical port number because they can associates one port number with only one device if the terminals do not support encapsulation. According to the present invention, access from a global network to a private network is restricted in accordance with an access control rule established for each device or network sending a packet. Furthermore, address translation is performed in accordance with address translation rules established on a per sending device basis to provide communication between a global network and a private network. When a connection request is received from the global network and if authentication of the connection request is successful, an access control rule is established on a per sending device basis or on a per sending network basis and recorded. After the communication ends, the added access control rule and address translation rule are deleted.

Abstract: When a packet is received from a counterpart apparatus 3 connected to the Internet 2, it is determined by a decryption determination part 16 whether to decrypt or bypass the received packet by referring to a filter information storage part 15 based on a sending source and sending destination IP addresses and port numbers and a protocol. If it is determined that decryption is to be performed, then the received packet is decrypted based on cryptographic communication channel information agreed in advance between the counterpart apparatus 3 and a terminal 5 which does not have an IPSec function, in a cryptographic communication channel information storage part 12, and sent to the terminal 5.