Network address translation (NAT)
Network Address Translation (NAT) translates internal or private IP addresses
to public or globally routable IP addresses and also translates ports. For
the Universal Connection to connect to IBM® through a NAT, you must enable NAT traversal,
as described in the NAT compatible IPSec topic,
so that address translation does not break the encrypted data flow.
The Universal Connection wizard automatically enables this technology.
NAT provides the following advantages:
- NAT saves public IP addresses. Because a client only needs a public IP
address when it is communicating with the Internet, the pool of globally routable
IP addresses can be shared with other clients. Therefore, if you use NAT, you
need fewer public IP addresses than the actual number of internal clients that
need access to the public network. When a client with a private IP address sends
traffic through the NAT, the NAT software translates the private address to the
public address. This feature and the ability to translate both the IP address and
port (NAT port mapping) make it possible, in many NAT implementations, to
require only one public IP address.
- NAT hides the internal network's IP addresses.
- NAT simplifies routing. Because internal hosts are assigned IP addresses
from the internal network, other internal systems can access them without
special routes or routers. The same hosts are accessed from the public network
through globally routable IP addresses translated by NAT.
- NAT is transparent to the client and, therefore, allows you to support
a wider range of clients.
- NAT supports a wide range of services with a few exceptions. Any application
that carries and uses the IP address inside the application does not work
through NAT.
- NAT consumes fewer computer resources and is more efficient than using
SOCKS and application proxy servers.
- The Universal Connection can flow through NAT.
Some disadvantages of NAT include the following:
- NAT provides minimal logging services.
- You must enable IP forwarding before you can use NAT to make an Internet
connection.
- NAT is not as adept as either the SOCKS or application proxy servers in
detecting attacks.
- NAT can break certain applications, or make these applications more difficult
to run.
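
The port mapping described above, and the reason an application that carries its IP address inside its data does not work through NAT, shown as a toy translation table in Python. This is an added example, not IBM code; the class name, addresses, ports and payloads are constructed for illustration.

```python
import ipaddress

# Constructed values: one public address, one internal network.
PUBLIC_IP = "203.0.113.10"
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


class PortMappingNat:
    """Toy NAT with port mapping: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)
        self.log = []    # mappings created; the only record of who used which port

    def outbound(self, src_ip, src_port, payload):
        """Rewrite the source address and port; the payload is not inspected."""
        if ipaddress.ip_address(src_ip) not in INTERNAL_NET:
            raise ValueError("source is not an internal address")
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.log.append((src_ip, src_port, self.public_ip, self.next_port))
            self.next_port += 1
        return self.public_ip, self.out[key], payload

    def inbound(self, dst_port):
        """Map a reply back to the internal host, or None if no flow exists."""
        return self.back.get(dst_port)


def demo():
    nat = PortMappingNat(PUBLIC_IP)
    # Two clients use the same source port and still share one public address.
    a = nat.outbound("10.0.0.5", 51000, b"hello")
    b = nat.outbound("10.0.0.6", 51000, b"hello")
    # Constructed payload: the application writes its own address into the data.
    c = nat.outbound("10.0.0.5", 51001, b"reply-to 10.0.0.5:6000")
    return nat, a, b, c


if __name__ == "__main__":
    nat, a, b, c = demo()
    print(a, b, c, nat.inbound(40001), nat.inbound(49999), sep="\n")
```

In the third flow the header carries the public address while the payload still names 10.0.0.5, which the remote side cannot reach. Traffic arriving on a port with no mapping returns None, and the mapping log is the only place the internal source of a flow is recorded.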