Can you explain many-to-one address translation?

In many-to-one address translation AKA-PAT/NAPT (Port Address Translation), the IP address and source IKE port, normally User Datagram Protocol (UDP) port changes. Some VPN devices do not support IKE requests sourced on these ports and devices performing many-to-one NAT do not handle ESP or AH correctly. FYI- ESP and AH are higher-layer protocols on top of IP that do not use ports.

Since many-to-one address translation is common with many environments where remote-access clients are deployed, a special mechanism called NAT transparency exists to overcome these NAT issues. NAT transparency NAT-t re-encapsulates the IKE and ESP packets into another transport layer protocol, such as UDP or TCP, which enables address-translating devices to perform translation correctly. Learn more about NAT-t here.

Also, here's a very good article by Lisa Phifer on NAT & IPSEC issues.

Related Resources

Check the network before moving to the cloud –SearchSecurity.com
Focus: Network virtualisation –ComputerWeekly.com
Mobile banking strategies - maximise your revenues –ComputerWeekly.com
IT Handbook: Network Considerations for VDI –SearchDataCenter.com

Dig Deeper on Network Infrastructure

How do I disable VPN passthrough? What are the pros and cons to disabling it? In this Ask the Expert response, Rainer Enders explains how to disable VPN passthrough and what the benefits and drawbacks are.

Using NAT Traversal and IPsec Passthrough together NAT Traversal and IPsec Passthrough are two different solutions to tunneling encrypted packets through an NAT-ing device like a firewall. Learn to configure them without conflict.

What is the ISAKMP policy and how does it impact IPsec VPN router configuration? Learn how to implement ISAKMP policies using IKE to ensure secure VPN configuration, in part three of our VPN guide.

How to implement VPNs using Cisco products and EzVPN IPsec This article provides IPsec protocol background and details for those implementing IPsec VPN gateways using Cisco routers. Learn about Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE) in preparation for VPN configuration.

IPsec VPN router configuration: The ISAKMP policy As part of building an IPsec VPN gateway on a Cisco router, readers will learn how to implement ISAKMP policies using IKE to ensure secure VPN configuration.

IPsec protocol details for implementing VPNs This article provides IPsec protocol background and details for those implementing IPsec VPN gateways using Cisco routers. Learn about Internet Security Association and Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE) in preparation for VPN configuration.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

Can you explain many-to-one address translation?

Dig Deeper on Network Infrastructure

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

How do VPN concentrators and network access servers (NAS) differ?

What keeps unauthorized users from accessing my IP address/Internet?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

Avaya revenue slump expected to continue in 2020

7 steps to improve unified communications security

Microsoft Teams reaches 20 million users, threatening Slack

SearchMobileComputing

Deploy kiosk devices with the Managed Home Screen Android app

New Outlook features appeal to users on the go

Smartphone market trends elicit longer refresh cycles

SearchDataCenter

Understand top public cloud repatriation use cases

Microsoft quantum development turns toward hardware

Top 5 options for Linux certifications

SearchITChannel

IBM's new security Cloud Pak unifies federated data

Cohesity, Pivot3 update channel partner programs, MDF funds

Businesses move key applications off public cloud to save costs

Related Resources

Dig Deeper on Network Infrastructure

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.