Communication between a private network (1) and a roaming mobile terminal (4), the private network (1) including a home agent (5) for the mobile terminal and a gateway (2, 3) through which, the communication passes and which-provides security protection for the private network (1). The protocols of the communication Including security association bundles each include a security association between the mobile terminal (4) and the gateway (2, 3) for inbound communication and another security association for outbound communication. In response to a handover of communication causing an IP address. (MN Co @) of the mobile terminal (4), to change to a new IP address (MN: New Co @), the mobile terminal updates its inbound security association from the, gateway (2, 3) so that it can receive packets sent to it with the new IP address (MN New Co @) as destination. It sends a first signalling message with: the home agent (5) as destination: in a secure tunnel (20') to the gateway (2, 3), indicating the new IP address (MN, New Co @) in secure form to the home agent (5). The inbound security association of the gateway (2, 3) from the mobile terminal (4) accets, the first signalling message without cheking its source address. The gateway (2, 3) forwards the first signalling message within the private network (1) to the home agent (5), the home agent (5) checks the validity of the first signalling message and, if It is valid, updates its address data and sends a second signalling message to the gateway (2,3) indicating the new address (MN New Co @). The gateway (2, 3) updates its outbound security association with the mobile terminal (4) in response to the new address (MN New Co @) indicated. Preferably, communication between the mobile node (4) and the gateway (2, 3) is in accordance with IPsec and an Encapsulating Security Paypepad protocol used in tunnel mode. Preferably, a registration reply for the mobile node (4) is included In the second signalling message.