When a packet is received from a partner device (3) connected to the Internet (2), a filter information storage unit (15) is referenced according to the transmission source and transmission destination IP address/port number in the packet and the protocol and a decryption judgment unit (16) judges whether to perform decryption or bypass. If it is judged to perform decryption, the reception packetis decrypted according to encrypted communication path information agreed in advance by the partner device (3) and a terminal device (5) not having the IPSec function and the reception packet is sentto the terminal device (5) from the encryption path information storage unit (12). The encrypted communication path information is used to establish a packet communication path based on the IPSec between the partner device (3) and the terminal device (5) and includes an identification number, protocol information on the encryption process or signature process, encryption algorithm, key information, IP address/port number, and the like. The partner can use the transport mode.