What is many-to-one address translation?

QUESTION POSED ON: 30 AUG 2005
QUESTION ANSWERED BY: Puneet Mehta

In many-to-one address translation, AKA PAT/NAPT (Port Address Translation), the IP address and source IKE port, normally User Datagram Protocol (UDP) port changes. Some VPN devices do not support IKE requests sourced on these ports, and devices performing many-to-one NAT do not handle ESP or AH correctly. FYI: ESP and AH are higher-layer protocols on top of IP addresses that do not use ports.

Since many-to-one address translation is common with many environments where remote-access clients are deployed, a special mechanism called NAT transparency exists to overcome these NAT issues. NAT transparency (NAT-t) re-encapsulates the IKE and ESP packets into another transport layer protocol, such as UDP or TCP, which enables address-translating devices to perform translation correctly. Learn more about NAT-t.

Also, here's a very good article by Lisa Phifer on NAT and IPsec issues.
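
The UDP re-encapsulation described in the answer above, as an added example that is not part of the original answer: it wraps a raw ESP packet in a UDP header so a PAT device has ports to rewrite, then classifies datagrams the way a receiver or a packet-inspection tool would. UDP port 4500, the four-zero-byte non-ESP marker and the one-byte keepalive are taken from RFC 3948, not from this page; the source port 61002 and the sample packet are constructed, and TCP encapsulation is not covered.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: prefixes IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"               # RFC 3948: one-byte keepalive payload


def encapsulate_esp(esp_packet: bytes, sport: int, dport: int = 4500) -> bytes:
    """Wrap a raw ESP packet (IP protocol 50, no ports) in a UDP header.

    The UDP checksum is sent as 0, as RFC 3948 prescribes for encapsulated ESP.
    """
    if len(esp_packet) < 8 or esp_packet[:4] == NON_ESP_MARKER:
        raise ValueError("not a valid ESP packet (short, or SPI is zero)")
    length = 8 + len(esp_packet)
    return struct.pack("!HHHH", sport, dport, length, 0) + esp_packet


def classify_natt_datagram(datagram: bytes) -> dict:
    """Demultiplex one UDP datagram seen on the NAT-T port."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    if payload == NAT_KEEPALIVE:
        kind, detail = "nat-keepalive", None
    elif payload[:4] == NON_ESP_MARKER:
        # The IKE header follows the marker; it starts with the initiator SPI.
        kind, detail = "ike", payload[4:12].hex()
    elif len(payload) >= 8:
        # A non-zero first word is the ESP SPI, followed by the sequence number.
        spi, seq = struct.unpack("!II", payload[:8])
        kind, detail = "esp", {"spi": spi, "seq": seq}
    else:
        kind, detail = "unknown", None
    return {"sport": sport, "dport": dport, "kind": kind, "detail": detail}


# Constructed sample: ESP header (SPI, sequence number) plus 16 opaque bytes.
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)
# After PAT the source port is whatever the NAT device picked (constructed).
SAMPLE_WIRE = encapsulate_esp(SAMPLE_ESP, sport=61002)

if __name__ == "__main__":
    print(classify_natt_datagram(SAMPLE_WIRE))
```

Because the receiver tells IKE from ESP by the first four payload bytes rather than by port, the translated source port can be any value the NAT device assigns.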
