This is what it says in the IP Security Policies on Local Computer snap-in for the MMC when you click on "Edit" and the "Tunnel Setting" tab: The tunnel endpoint is the tunneling computer closest to the IP traffic destination, as specified by the associated IP filter list. It takes two rules to describe an IPSec tunnel. What is a IPSec tunnel. The description that Windows XP gives sounds awefully resembalent to what people call spoofing.

Look here: http://www.intranetjournal.com/foundation/tunneling.shtml [What is tunneling? Technically, it is the process of putting one packet inside another. Recalling that packets are the chunks of information into which all Internet messages get chopped, tunneling can be thought of as the act of encapsulating ordinary (non-secure) IP packets inside of encrypted (secure) IP packets. It is sometimes more useful to think of tunneling in a less literal sense, namely, as a "tunnel" of privacy between two end-points connected by a public (non-secure) channel. This is often the Internet, but it could equally be the cellular telephone network. In a hide-in-plain-sight fashion, tunneling provides privacy by encrypting everything that goes into and comes out of a secure tunnel.]

What echo is saying is true. Tunneling is fairly common when you want to create a secure connection between to networks that trust each other Exmaple - If Aol wanted to create a secure connection between their network and Time Warner so that information could be sent between to two securely, they could set up a tunnel where each place is identifying the others IP address as a trusted site. Aol could then send information to Time Warner securely and visa versa. Think of it in a sense of sending email to someone else with an important document attached. If you're concerned about security issues, you can ease that concern by creating a tunnel so that you know both endpoints can view that information and during the transfer process, it's secure from hackerrs. Also Tony mentioned that it takes 2 rules to set it up. That is partially true, it takes 2 on each end point totaling 4. It takes an inbound and outbound rule setup at AOL (using my example) and an inbound and outbound rule at Time Warner.

When you make a connection to a remote server, say Computing.net for example, would my IP address show up or would it be the person I am tunneling through... I need some help trying to find a way to make my IP address invisible, so when someone does a traceroute on me they end up seeing someone from afganastan or somewhere else? Or am going I going to have to go through six more routers by the end of the year?