Why Authentication Header (AH) is not compatible with the
network that using NAT??????
Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!
- 1 Answers
- 7150 Views
- I also Faced
- E-Mail Answers
Answer / jitendera sinha
AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.
In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.
Thanku
Hope this will help to understand you the concepts.
Jitendera sinha
| Is This Answer Correct ? | 2 Yes | 0 No |
Identify the hardware component that stores the bootstrap program? A.) ROM B.) NVRAM C.) Booter load D.) RAM E.) Flash
Can anyone explain the Split Horizon rule in RIP & also Split Horizon with Poison reverse. Jitu.... U knw wat i expect.. hehehehehe...
Which of the following is an example of the Network Layer? A.) TCP B.) IP C.) SQL D.) Token Ring E.) LLC
Name the protocol which can do load balancing on unequal cost also?
What command would show the version of the IOS that you are running? A.) show nvram B.) show version C.) show startup-config D.) show ios E.) ver -a F.) show ram
In the setup dialog, what do the square brackets indicate? A. current or default spores B. hard coded values that cannot be modified C. values entered by the administrator but not saved D. values that must be written to PAVRAM before becoming enabled
Identify the keystroke to position the cursor to the beginning of a command line? A.) Ctrl-A B.) Ctrl-Ins C.) Ctrl-B D.) Ctrl-Z
Describe End to End network services: (Choose all that apply) A.) Best Route selection B.) Accomplished Segment by Segment, each segment is autonomous C.) Flow Control & Data Integrity D.) Best efforts packet delivery
Which IP Address Class can have 16 million subnets but support 254 hosts? A. Class C B. Class A C. Class B D. Class D
Hi friend , This is Harekrushna . I have been tried for netsim keygen but i could not download this crack file .if it download then showes the writer protect error. PLEASE sugest me what isthe soluation. or any other software avalibe for pratics the network .
When setting up a frame-relay network between a Cisco router and a non-Cisco router, what encapsulation type should you use? A.) SAP B.) CISCO C.) IANA D.) Apollo E.) IETF F.) Q933A
Explain the difference between static and dynamic routing?
CCNA 
