IPSec provides for secured authentication as well as encrypted data transmission. It operates at the Network layer layer 3 and can be used in transport mode or tunnel mode. In transport mode, the IP packet data is encrypted but the header of the packet is not. In tunnel mode, the entire IP packet is encrypted and a new header is added to the packet to govern transmission through the tunnel. Network Address Translation Hiding the identity of internal clients, masking the design of your private network, and keeping public IP address leasing costs to a minimum is made simple through the use of NAT. Network Address Translation NAT is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the Internet. NAT offers numer- ous benefits, such as being able to connect an entire network to the Internet using only a single or just a few leased public IP addresses. NAT allows you to use the private IP addresses defined in RFC 1918 in a private network while still being able to communicate with the Internet. NAT protects a network by hiding the IP addressing scheme and network topography from the Inter- net. It also provides protection by restricting connections so that only connections originating from the internal protected network are allowed back into the network from the Internet. Thus, most intrusion attacks are automatically repelled. NAT can be found in a number of hardware devices and software products, including fire- walls, routers, gateways, and proxies. It can only be used on IP networks and operates at the Network layer layer 3. Private IP Addresses The use of NAT has proliferated recently due to the increased scarcity of public IP addresses and security concerns. With only roughly four billion addresses 232 available in IPv4, the world has simply deployed more devices using IP than there are unique IP addresses available. Fortu- nately, the early designers of the Internet and the TCPIP protocol had good foresight and put aside a few blocks of addresses for private unrestricted use. These IP addresses, commonly called the private IP addresses, are defined in RFC 1918. They are as follows: 10.0.0.0–10.255.255.255 a full Class A range 172.16.0.0–172.31.255.255 16 Class B ranges 192.168.0.0–192.168.255.255 255 Class C ranges All routers and traffic-directing devices are configured by default not to forward traffic to or from these IP addresses. In other words, the private IP addresses are not routed by default. Thus, they cannot be directly used to communicate over the Internet. However, they can be easily used on private networks where routers are not employed or where slight modifications to router configurations are made. The use of the private IP addresses in conjunction with NAT greatly reduces the cost of connecting to the Internet by allowing fewer public IP addresses to be leased from an ISP.