> I think of PAT as NAT *plus* the extra port forwarding stuff. > And the 675 does both PAT and NAT, at least as I understand > it (it's what I'm using). NAT is considered to be a 1 to 1 translation on the IP, for example, 206.144.233.6 -> 192.168.99.2 and 206.144.233.8 -> 192.168.99.3. NAT only looks at the IP when doing a translation, and ignores any port information. PAT is many internal IP's to one public. For example, 206.144.233.6:36784 -> 192.168.99.2:3452 and 206.144.233.6:38992 -> 192.168.99.3:8833. PAT stands for Port Address Translation, and basically goes a little farther than NAT by looking at the port in addition to the ip, and making a translation table which can map a particular port on the outside to an inside ip and port on the inside, different ports can be mapped to different ip/port pairs on the inside. In many situations though, PAT is actually referred to as NAT, as NAT seems to be a more general term which encompasses anything where the ip is changed on packets passing through a device. PAT is great for saving IP space, but has issues with passing portless protocols correctly, like GRE. Since GRE has no port, no port mapping can be set up in the translation table. Some vendors have made additions to PAT to keep track of conversations like this in a different way so it can map incoming traffic to the correct host. Jay