Why can’t ESP packet pass through the PAT device?

ESP is a protocol without ports, and that is what prevents it from passing through PAT devices. A PAT device completes a binding in its translation database by assigning each inside host's traffic a unique port when it changes the private source address (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to the publicly routable address. Because an ESP packet has no port field to change, no unique port can be assigned, the binding cannot be completed, and there is no way to tell which inside host sourced the packet. As a result, there is no way for the return traffic to be untranslated successfully.
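The following Python toy is an added illustration, not part of the original answer: it models a PAT binding table keyed on (protocol, public port) and runs three cases through it. Two inside hosts sharing one public address get distinct public ports for their UDP flows, so the peer's replies are untranslated back to the right host; a bare ESP packet carries no port the PAT can rewrite, so no binding is created and an ESP reply cannot be mapped to any inside host; ESP encapsulated in UDP on port 4500 (NAT Traversal, RFC 3948, the standard workaround and an addition beyond the answer above) behaves like any other UDP flow. All addresses, ports and SPI values are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# IP protocol numbers (real values; ESP is IP protocol 50 per RFC 4303).
ESP = 50
UDP = 17


@dataclass(frozen=True)
class Packet:
    """Minimal packet model: only the header fields a PAT looks at."""
    proto: int
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None  # None for port-less protocols such as ESP
    dst_port: Optional[int] = None
    spi: Optional[int] = None       # ESP Security Parameter Index; opaque to the PAT


class PatDevice:
    """Toy port-address translator: many private hosts share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, inside_ip, inside_port) -> public_port
        self.outbound: Dict[Tuple[int, str, int], int] = {}
        # (proto, public_port) -> (inside_ip, inside_port)
        self.inbound: Dict[Tuple[int, int], Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite source IP and allocate a unique public port; None if no port exists."""
        if pkt.src_port is None:
            # ESP has no transport header, so there is no port to make the binding unique.
            return None
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, pkt.dst_ip,
                      self.outbound[key], pkt.dst_port, pkt.spi)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Untranslate a reply using the public port; None if no binding can be found."""
        if pkt.dst_port is None:
            # Nothing to look up: the PAT table is keyed on ports, not on the ESP SPI.
            return None
        target = self.inbound.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None
        inside_ip, inside_port = target
        return Packet(pkt.proto, pkt.src_ip, inside_ip, pkt.src_port, inside_port, pkt.spi)


def demo() -> dict:
    """Run the UDP, bare-ESP and UDP-encapsulated-ESP cases through one PAT device."""
    pat = PatDevice("203.0.113.1")   # constructed public address (RFC 5737 range)
    peer = "198.51.100.7"            # constructed remote peer
    # Case 1: two inside hosts, same source port, one public IP.
    a = pat.translate_outbound(Packet(UDP, "10.0.0.5", peer, 50000, 500))
    b = pat.translate_outbound(Packet(UDP, "10.0.0.6", peer, 50000, 500))
    reply_a = pat.translate_inbound(Packet(UDP, peer, pat.public_ip, 500, a.src_port))
    reply_b = pat.translate_inbound(Packet(UDP, peer, pat.public_ip, 500, b.src_port))
    # Case 2: bare ESP; the SPI is the only demultiplexing field and the PAT ignores it.
    esp_out = pat.translate_outbound(Packet(ESP, "10.0.0.5", peer, spi=0x1001))
    esp_reply = pat.translate_inbound(Packet(ESP, peer, pat.public_ip, spi=0x2002))
    # Case 3: the same ESP payload wrapped in UDP/4500 (NAT-T) gets a port and a binding.
    natt = pat.translate_outbound(Packet(UDP, "10.0.0.5", peer, 4500, 4500, spi=0x1001))
    natt_reply = pat.translate_inbound(
        Packet(UDP, peer, pat.public_ip, 4500, natt.src_port, spi=0x2002))
    return {
        "udp_public_ports": (a.src_port, b.src_port),
        "udp_replies_to": (reply_a.dst_ip, reply_b.dst_ip),
        "esp_binding": esp_out,
        "esp_reply": esp_reply,
        "natt_reply_to": (natt_reply.dst_ip, natt_reply.dst_port),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The table in this toy is keyed only on the public port, which is what makes the two UDP hosts distinguishable and the two ESP cases unresolvable; a real PAT may additionally key on the remote address and port, but without any port field the ESP packet still contributes nothing the device can use to tell inside hosts apart.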