Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Certifications >> Cisco Certifications >> CCNA
  2. Suggest New Category

Why Authentication Header (AH) is not compatible with the
network that using NAT??????

Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!

Question Posted / jitendera sinha

Answer Posted / jitendera sinha

AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.

In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.


Thanku
Hope this will help to understand you the concepts.

Jitendera sinha

Is This Answer Correct ?    2 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

Define load balancing?

1216

What is ad in ccna?

1261

What is the difference between simple authentication and md5?

1182

What is the role of the LLC sublayer?

1098

What is subnetting and why it is use?

1217

Explain the difference between collision domain and broadcast domain.

1064

How does RIP differ from IGRP?

1192

In which protocol you manually enable route summarization?

1284

Is hub intelligent device?

1192

What do you understand by ‘protocol’ in networking?

1193

Mention the conversion steps of data encapsulation?

1135

hi shain can u send me some detail about bgp so that i can enhance my knowledge over bgp and can you also teach me about the process of suppernating. now what i am thinking that this could be last visit on that site overhere.so please mail that short of thing on my gmail id i am requesting to all of the visitor that please send theire doubt or question to my new gmail id which is jitendera.ccnainterview@gmail.com.i will try to solve it if i am capable to do it Wishing all of you for great future Jitendera kaumar sinha

2472

What is loop back ip in ipv6?

1223

When ip confliction accord in subnet which ip assigned automatically and what it called?

1130

How can you assign a vlan to a switch port?

1246