Question
Why is Authentication Header (AH) not compatible with a network that is using NAT?

Jitu, looking for you specially! You know why I am looking for you!
 Question Submitted By :: Shahin
Answer
# 1
AH is a protocol that provides authentication of either all or part of the contents of a datagram, through the addition of a header that is calculated based on the values in the datagram.
What parts of the datagram are used for the calculation, and the placement of the header, depend on the mode (tunnel or transport) and the version of IP (IPv4 or IPv6).
tunnel or transport-------
                               tunnel
                                /\
                               /  \
                              /    \
                          tunnel  transport
                            |        |
                            |        |
         protect all data pkt     protect only data portion

Now, why is it not compatible with NAT? NAT is a mechanism to hide your personal IP; sometimes, theoretically, it is a mechanism to convert a private IP to a public IP.

___________________________________________________________
                      *******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Ergo, AH + NAT cannot work.

In NAT the IP field is modified, so sometimes AH is not compatible with NAT; I am again saying SOME time.


Thank you.
Hope this will help you to understand the concepts.

Jitendera Sinha
 
Is This Answer Correct ?    1 Yes 0 No
Jitendera Sinha
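
The failure described in the answer above, as an added example that is not part of the original post: a simplified AH-style keyed hash over an IPv4 header and payload, checked after a normal routing hop and after a NAT source rewrite. The key, addresses and function names are constructed for illustration, and the hash omits the AH header's own fields (SPI, sequence number) that a real implementation also covers.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed shared key for this example

def build_ipv4_header(src, dst, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with protocol 51 (AH), checksum left 0."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len,  # version/IHL, TOS, total length
        0x1234, 0,                  # identification, flags/fragment offset
        ttl, 51, 0,                 # TTL, protocol, header checksum
        socket.inet_aton(src), socket.inet_aton(dst),
    )

def ah_icv(header, payload, key=KEY):
    """Simplified ICV: mutable fields zeroed, addresses stay in the hash."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return hmac.new(key, bytes(h) + payload, hashlib.sha256).digest()[:16]

def receiver_accepts(header, payload, icv):
    """Recompute the ICV over the packet as received and compare."""
    return hmac.compare_digest(ah_icv(header, payload), icv)

def route_hop(header):
    """An ordinary router only decrements TTL, a mutable field."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(header, public_ip):
    """A NAT device replaces the private source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(public_ip)
    return bytes(h)

if __name__ == "__main__":
    hdr, data = build_ipv4_header("192.168.1.10", "198.51.100.7", 7), b"payload"
    icv = ah_icv(hdr, data)
    print("after routing hop:", receiver_accepts(route_hop(hdr), data, icv))
    print("after NAT rewrite:",
          receiver_accepts(nat_rewrite_source(hdr, "203.0.113.5"), data, icv))
```

The routing hop passes because TTL is excluded from the hash; the NAT rewrite fails because the source address is covered and the NAT device does not hold the key to recompute the ICV.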
 

 
 
 