When a packet is received from a counterpart apparatus 3 connected to the Internet 2, it is determined by a decryption determination part 16 whether to decrypt or bypass the received packet by referring to a filter information storage part 15 based on a sending source and sending destination IP addresses and port numbers and a protocol. If it is determined that decryption is to be performed, then the received packet is decrypted based on cryptographic communication channel information agreed in advance between the counterpart apparatus 3 and a terminal 5 which does not have an IPSec function, in a cryptographic communication channel information storage part 12, and sent to the terminal 5. The cryptographic communication channel information is used for establishing a packet communication channel in conformity with IPSec between the counterpart apparatus 3 and the terminal 5, and includes an identification number, protocol information about whether encryption processing or signature processing, a cryptographic algorithm or key information, IP addresses and port numbers, and the like. The counterpart can use a transport mode.