1. Categories >> Certifications >> Cisco Certifications >> CCNA
  2. Suggest New Category

Why Authentication Header (AH) is not compatible with the
network that using NAT??????

Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!

Question Posted / jitendera sinha

Answer Posted / jitendera sinha

AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.

In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.


Thanku
Hope this will help to understand you the concepts.

Jitendera sinha

Is This Answer Correct ?    2 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Define ios?

608

What is the function of a router?

624

What is the minimum request timer?

641

Which protocols do periodically updates?

723

What does the show protocol display?

875




Which peer authentication method and which ipsec mode is used to connect to the branch locations? (Choose two)

777

What is the mau?

627

When does network congestion occurs?

624

What is the frame relay, in which layer it comes?

656

What are the things that can be accessed in a CISCO router’s identifying information?

693

Mention the ranges for the private IP?

674

What are the conversion steps of data encapsulation?

684

What is the difference between dynamic ip and static ip addressing?

657

What is mac address size of ipv6?

795

Mention what is dhcp?

621