Can you explain many-to-one address translation?

Puneet Mehta, SDG

In many-to-one address translation AKA-PAT/NAPT (Port Address Translation), the IP address and source IKE port, normally User Datagram Protocol (UDP) port changes. Some VPN devices do not support IKE requests sourced on these ports and devices performing many-to-one NAT do not handle ESP or AH correctly. FYI- ESP and AH are higher-layer protocols on top of IP that do not use ports.

Since many-to-one address translation is common with many environments where remote-access clients are deployed, a special mechanism called NAT transparency exists to overcome these NAT issues. NAT transparency NAT-t re-encapsulates the IKE and ESP packets into another transport layer protocol, such as UDP or TCP, which enables address-translating devices to perform translation correctly. Learn more about NAT-t here.

Also, here's a very good article by Lisa Phifer on NAT & IPSEC issues.

This was last published in October 2004

Dig Deeper on Network Infrastructure

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchUnifiedCommunications

Cisco Webex Edge for Devices links on-prem endpoints to cloud

With Webex Edge for Devices, companies can connect on-premises video endpoints to the cloud, unlocking features such as the Webex...

3 benefits of unified communications for small business

Small businesses that adopt unified communications can expect to improve employee engagement, reduce costs and consolidate ...

Launch of Microsoft Teams, consumer Skype integration set for Q1

Integration between Microsoft Teams and consumer Skype is now scheduled to launch sometime in the first quarter. Previously, the ...

SearchMobileComputing

5G connectivity won't be enterprise-ready in 2020

Despite hype and new device announcements, experts expect 5G will take time to catch on in the enterprise. The tech has potential...

Acer Spin 5, TravelMate P6 preview: Great specs, good price

At CES 2020, the Acer Spin 5 and Acer TravelMate P6 and P2 series headlined the vendor's appearance. Acer focused its upgrades on...

Dell Latitude 9510 and XPS 13 preview: Best in business

The Dell Latitude 9510 and XPS 13 unveiled at CES 2020 redefine the business laptop, touting features like 5G, AI, impossibly ...

SearchDataCenter

Organizations try to predict the effect of 5G infrastructure

With more 5G and IoT devices emerging, admins must prepare their data centers to support low-latency apps and edge computing with...

Top infrastructure and operations technology myths of 2019

Admins are consistently evaluating technology to improve I&O efficiency. Cost, integration and business goals are key components ...

Improve efficiency with server energy consumption tools

Deciding what servers are most efficient for your infrastructure requires research. Hardware-level certifications and web-based ...

SearchITChannel

Cloud consultants set for massive workload shift to cloud

2020 bodes well for cloud adoption, according to AllCloud. On top of moving more workloads to cloud, customers may be eying IT ...

SMBs grappling with digital transformation initiatives

SMBs are eager to embrace digital transformation, but many businesses encounter challenges when trying to implement new ...

Citrix's performance analytics service gets granular

Citrix says its new performance analytics service for its Virtual Apps and Desktops platform will better identify the root cause ...

Can you explain many-to-one address translation?

Dig Deeper on Network Infrastructure

How do I disable VPN passthrough? What are the pros and cons to disabling it?

Using NAT Traversal and IPsec Passthrough together

What is the ISAKMP policy and how does it impact IPsec VPN router configuration?

How to implement VPNs using Cisco products and EzVPN IPsec

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

How do VPN concentrators and network access servers (NAS) differ?

What keeps unauthorized users from accessing my IP address/Internet?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchUnifiedCommunications

Cisco Webex Edge for Devices links on-prem endpoints to cloud

3 benefits of unified communications for small business

Launch of Microsoft Teams, consumer Skype integration set for Q1

SearchMobileComputing

5G connectivity won't be enterprise-ready in 2020

Acer Spin 5, TravelMate P6 preview: Great specs, good price

Dell Latitude 9510 and XPS 13 preview: Best in business

SearchDataCenter

Organizations try to predict the effect of 5G infrastructure

Top infrastructure and operations technology myths of 2019

Improve efficiency with server energy consumption tools

SearchITChannel

Cloud consultants set for massive workload shift to cloud

SMBs grappling with digital transformation initiatives

Citrix's performance analytics service gets granular

Related Resources

Dig Deeper on Network Infrastructure

How do I disable VPN passthrough? What are the pros and cons to disabling it?

Using NAT Traversal and IPsec Passthrough together

What is the ISAKMP policy and how does it impact IPsec VPN router configuration?

How to implement VPNs using Cisco products and EzVPN IPsec

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.