Disclosed is an architecture for a network access server wherein a switching device is placed between a network gateway device and a first network, where the switching device detects the presence or absence of a security protocol field in the header information of data packets received from the first network and routes the data packets accordingly. When the security protocol field is absent, the switching device routes the data packet to the network gateway device for processing in accordance with a protocol service provided by the network access server. When the security protocol field is present, the switching device decrypts the data packet, processes the data packet in accordance with the protocol service provided by the network access server, and routes the data packet to another device within the network access server on the basis of decrypted address information within the data packet.