NAT (network address translation)
To extend the reach of the IPv4 address space, companies have turned to using private IPv4 addresses through a public-to-private address translation technique known as network address translation (NAT).
NAT works by using the several million private addresses that have been put aside by the Internet Engineering Task Force, turning a public IP address such as 192. 156.136.22 into a private address, such as 10.0.0.4, for delivery to a user's PC. Private IP addresses cannot be "seen" by the Internet, and therefore may be reused by various enterprise networks.
In conjunction with a NAT-enabled gateway or router device, a privately addressed network may hide hundreds or thousands of hosts behind a single public address. The NAT device differentiates among the PCs by translating their port numbers into unique values.
But NAT is limited by applications such as streaming media that transmit IP addresses or port numbers in the payloads of packets. Such applications require that NAT take on application-specific knowledge and perform additional computation.
Worse, because NAT typically resides in a boundary router between private and public networks, it can't function with IP Security (IPSec), the popular encryption technology for virtual private networks. IPSec requires true end-to-end handshaking in order to set up initial encryption rules. Once encrypted at a client system, IPSec packets cannot be modified - or recognized - by NAT.