If IPSec is used in a VPN, packet filtering as a method of access control will fail due to the encryption used. But the encrypting AH protocol may serve as access control in the packet filter's stead. The cryptography of AH is robust enough to implement an authentication strategy.

A packet filter can still be a part of the network, but with simplified rules (compared to what they would be otherwise) of filtering. Also, packet filters may be very useful on certain network legs, such as those between the gateway end of the tunnel and the destination host.