Can you explain many-to-one address translation?

SDG

In many-to-one address translation AKA-PAT/NAPT (Port Address Translation), the IP address and source IKE port, normally User Datagram Protocol (UDP) port changes. Some VPN devices do not support IKE requests sourced on these ports and devices performing many-to-one NAT do not handle ESP or AH correctly. FYI- ESP and AH are higher-layer protocols on top of IP that do not use ports.

Since many-to-one address translation is common with many environments where remote-access clients are deployed, a special mechanism called NAT transparency exists to overcome these NAT issues. NAT transparency NAT-t re-encapsulates the IKE and ESP packets into another transport layer protocol, such as UDP or TCP, which enables address-translating devices to perform translation correctly. Learn more about NAT-t here.

Also, here's a very good article by Lisa Phifer on NAT & IPSEC issues.

This was last published in October 2004

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

SearchUnifiedCommunications

Challenges lie ahead following Slack public offering

Following Slack's public debut, analysts say the company needs to boost enterprise sales and retool third-party integrations to ...

Are you ready to adopt cloud video conferencing?

Video is an important tool for enterprises looking to support dispersed employees. Take this quiz to see how much you know about ...

5 best practices for a strong UC cloud SLA

Organizations need a strong cloud SLA to meet their UCaaS performance needs. These five best practices provide guidance on how to...

SearchMobileComputing

Navigate Intune app deployment for mobile devices

With the right Intune app deployment methods, IT can manage its Android and iOS users' apps, but the practices are different ...

BlackBerry Enterprise Mobility Suite adds 5 new features

BlackBerry has upgraded its Enterprise Mobility Suite in an effort to connect business and consumer applications in a secure ...

Cloud, SaaS bring identity and access management challenges

In this Q&A, Identity Automation's co-founder and CEO, James Litton, talks about the identity and access management challenges ...

SearchDataCenter

How to cultivate the ideal IaaS agreement

As you expand your infrastructure, you might use service providers for certain components. Make sure you get a comprehensive SLA ...

China's supercomputing systems soar from 21 to 219 in a decade

The U.S. dominates in total supercomputing performance, but lags behind China in the overall number of supercomputers. U.S. x86 ...

Data center cooling systems advance, incorporate natural sources

Despite concerns around water-based cooling technology, organizations are developing new hardware setups that rely on fjords and ...

SearchITChannel

Fortinet SD-WAN highest value rating from NSS Labs

The latest NSS Labs SD-WAN report gives Fortinet the best ratings for value and total cost of ownership, while Silver Peak gets ...

HPE partner enablement seeks greater unity with the channel

The latest HPE partner program updates made enablement an important theme, as the vendor transitions to a solutions-oriented ...

Kaseya software expansion, sales support targets MSPs

Kaseya has had a busy few weeks, launching and acquiring products, unveiling a $500 million investment and setting up a program ...

Related Resources

Dig Deeper on Network Infrastructure

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.