What is PAT (Port Address Translation)?
PAT, short for "Port Address Translation," is a technology that rewrites the IP address and port number of TCP/IP or UDP/IP packets to a different IP address and port number. It is generally referred to as NAPT (Network Address Port Translation) or IP Masquerade; the term "PAT" is used specifically by Cisco Systems.
PAT (NAPT) is an advanced extension of NAT (Network Address Translation), a technology for converting the IP addresses in IP packet headers. To cope with IPv4 address exhaustion, devices within an organization are typically assigned private IP addresses, but communicating with external servers over the internet requires a global IP address. NAT bridges the two by translating private IP addresses into global IP addresses. However, because NAT maps addresses one-to-one, a single global IP address cannot serve several devices communicating at the same time. PAT (or NAPT) removes this limitation.
PAT takes incoming packets from devices assigned private IP addresses, converts the source IP address to a global IP address, and modifies the source port number. It also records the mapping between the original and converted addresses and forwards the packets to the internet. Responses from the server are sent to the modified IP address and port number, which PAT uses to restore the original private IP address and port number before delivering the packets to the originating device.
The system modifies port numbers to uniquely identify packets from different private IP addresses. Even though multiple devices share the same global IP address when communicating externally, their port numbers differ, allowing PAT to differentiate between devices and enable simultaneous communication with multiple endpoints.
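The translation table described above can be sketched as a small simulation. This is an added example, not code from any router or vendor; the class name PatTable, the addresses, the port pool and the sequential port allocation are all assumptions, and real devices also track timeouts and connection state.

```python
# Added illustration: a minimal in-memory PAT (NAPT) table, not a router implementation.
GLOBAL_IP = "203.0.113.10"  # constructed sample address (documentation range)

class PatTable:
    def __init__(self, global_ip, first_port=40000, last_port=40003):
        self.global_ip = global_ip
        self.ports = iter(range(first_port, last_port + 1))  # assumed port pool
        self.out = {}   # (proto, private_ip, private_port) -> translated port
        self.back = {}  # (proto, translated port) -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self.ports, None)
            if port is None:
                # One global IP offers a finite number of ports per protocol.
                raise RuntimeError("port pool exhausted")
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.global_ip, self.out[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Restore the private destination of a reply; None means no mapping."""
        if dst_ip != self.global_ip:
            return None
        return self.back.get((proto, dst_port))

def demo():
    pat = PatTable(GLOBAL_IP)
    # Two hosts use the same source port; PAT must still tell them apart.
    a = pat.outbound("tcp", "192.168.1.10", 51000)
    b = pat.outbound("tcp", "192.168.1.11", 51000)
    return {
        "a": a,
        "b": b,
        "reply_a": pat.inbound("tcp", *a),
        "reply_b": pat.inbound("tcp", *b),
        # No inside host opened this port, so there is nothing to deliver to.
        "unsolicited": pat.inbound("tcp", GLOBAL_IP, 40002),
        # Further packets of the same flow reuse the recorded mapping.
        "repeat_a": pat.outbound("tcp", "192.168.1.10", 51000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "unsolicited" case returns no mapping only because no table entry exists; that is a side effect of translation, not a filtering policy.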
Today, PAT and NAPT are often grouped under the general term "NAT." While NAT can conceal internal networks from external ones, contributing to network segmentation and basic security, it is not a comprehensive security solution. Additional end-to-end tunneling technologies are often needed for enhanced security against external threats.