Why Authentication Header (AH) is not compatible with the
network that using NAT??????
Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!
Answer Posted / jitendera sinha
AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.
In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.
Thanku
Hope this will help to understand you the concepts.
Jitendera sinha
Is This Answer Correct ? | 2 Yes | 0 No |
Post New Answer View All Answers
Define ios?
What is the function of a router?
What is the minimum request timer?
Which protocols do periodically updates?
What does the show protocol display?
Which peer authentication method and which ipsec mode is used to connect to the branch locations? (Choose two)
What is the mau?
When does network congestion occurs?
What is the frame relay, in which layer it comes?
What are the things that can be accessed in a CISCO router’s identifying information?
Mention the ranges for the private IP?
What are the conversion steps of data encapsulation?
What is the difference between dynamic ip and static ip addressing?
What is mac address size of ipv6?
Mention what is dhcp?