Other Features Controlled by Firewall

IP Masquerade

Internet Interface

If access to the Internet has been configured for the machines behind the VPN Gateway, a many-to-one NAT will be configured on the Internet interface. This performs Port Address Translation (PAT) on all traffic sent to the Internet.

Destination NAT

Destination NAT is applied to the packet's destination address, rather than to the source address as in Source NAT or 1-1 NAT. For example, a customer has an old application with a hard-coded server IP address of 1.1.1.1. This IP address is no longer correct because the server has been moved to 10.102.1.37. With destination NAT, the application continues to send traffic to 1.1.1.1, but when the packet is routed through the VPN Gateway, the destination IP address is changed from 1.1.1.1 to 10.102.1.37. The destination NAT address can be reached through an IPsec tunnel or on the Internet.
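The translation described above, modeled in Python as an added example (not the VPN Gateway's own code or configuration), including the reverse rewrite of replies that lets the legacy application keep seeing 1.1.1.1 as its peer. The client address 192.168.10.5, the ports, and the class and function names are constructed for illustration, and the reply handling is the usual stateful NAT behaviour, assumed here rather than taken from this page.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class DnatGateway:
    """Toy model of destination NAT with a connection table (hypothetical names)."""

    def __init__(self, rules):
        self.rules = dict(rules)   # original destination -> translated destination
        self.conntrack = {}        # expected reply 4-tuple -> original destination

    def forward(self, pkt):
        """Client-to-server direction: rewrite the destination if a rule matches."""
        new_dst = self.rules.get(pkt.dst)
        if new_dst is None:
            return pkt             # no rule: packet passes through unchanged
        # Remember what the reply will look like so it can be translated back.
        self.conntrack[(new_dst, pkt.dport, pkt.src, pkt.sport)] = pkt.dst
        return replace(pkt, dst=new_dst)

    def reply(self, pkt):
        """Server-to-client direction: restore the address the client expects."""
        orig_dst = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig_dst is None:
            return pkt             # not part of a translated flow
        return replace(pkt, src=orig_dst)

def demo():
    gw = DnatGateway({"1.1.1.1": "10.102.1.37"})
    # Constructed sample flow: the legacy client calls the hard-coded address.
    request = Packet("192.168.10.5", 40000, "1.1.1.1", 8080)
    translated = gw.forward(request)
    # The relocated server answers from its real address.
    answer = Packet("10.102.1.37", 8080, "192.168.10.5", 40000)
    restored = gw.reply(answer)
    return translated, restored

if __name__ == "__main__":
    for p in demo():
        print(p)
```

The source address of the request is never touched, which is the difference from Source NAT: only the destination changes on the way out, and only the source changes on the way back.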

Additional Options

1-1 NAT, 1-1 NAT + PAT, Source NAT, Source NAT + PAT

Network Packet Logging

You can define rules with specific parameters which will result in network packets being accepted or rejected (dropped) and logged to the system log file.