Q

Can you explain many-to-one address translation?

This Content Component encountered an error
Can you explain many-to-one address translation?
In many-to-one address translation AKA-PAT/NAPT (Port Address Translation), the IP address and source IKE port, normally User Datagram Protocol (UDP) port changes. Some VPN devices do not support IKE requests sourced on these ports and devices performing many-to-one NAT do not handle ESP or AH correctly. FYI- ESP and AH are higher-layer protocols on top of IP that do not use ports.

Since many-to-one address translation is common with many environments where remote-access clients are deployed, a special mechanism called NAT transparency exists to overcome these NAT issues. NAT transparency NAT-t re-encapsulates the IKE and ESP packets into another transport layer protocol, such as UDP or TCP, which enables address-translating devices to perform translation correctly. Learn more about NAT-t here.

Also, here's a very good article by Lisa Phifer on NAT & IPSEC issues.

This was first published in October 2004

Dig deeper on IP Networking

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close