Why is Authentication Header (AH) not compatible with a
network that is using NAT?

Jitu, looking for you specially! You know why I am looking
for you!




Answer / jitendera sinha

AH is a protocol that provides authentication
of either all or part of the contents of a datagram
through the addition of a header that is calculated
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode (tunnel or transport) and the version of IP (IPv4 or IPv6).
tunnel or transport-------
                  tunnel
                    /\
                   /  \
                  /    \
            tunnel      transport
               |            |
               |            |
  protect all data pkt   protect only data portion
Now, why is it not compatible with NAT? NAT is a mechanism
to hide your personal IP sometimes; theoretically,
it is a mechanism to convert a private IP to a public IP.

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Ergo, AH + NAT cannot work.

In NAT the IP field is modified, so sometimes AH is not compatible with NAT. I am again saying SOME time.


Thank you.
Hope this will help you to understand the concepts.

Jitendera sinha
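
The failure described in this answer, as an added Python example that is not part of the original post: a simplified AH transport-mode packet in the style of RFC 4302, with a constructed key, SPI, payload and documentation addresses, and HMAC-SHA-256 truncated to 128 bits assumed as the integrity algorithm. An ordinary hop that only lowers the TTL still verifies, while a NAT rewrite of the source address does not.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"     # constructed sample SA key (assumption)
ICV_OFF, ICV_LEN = 32, 16         # 20-byte IPv4 header + 12 fixed AH bytes; 128-bit ICV

def ip_checksum(hdr):
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icv(packet):
    """Keyed hash over the packet with mutable IPv4 fields and the ICV zeroed."""
    buf = bytearray(packet)
    buf[1] = 0                    # TOS
    buf[6:9] = bytes(3)           # flags/fragment offset, TTL
    buf[10:12] = bytes(2)         # header checksum
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(KEY, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]

def rewrite(packet, offset, data):
    """Overwrite header bytes in transit and recompute the IPv4 checksum."""
    buf = bytearray(packet)
    buf[offset:offset + len(data)] = data
    buf[10:12] = bytes(2)
    buf[10:12] = struct.pack("!H", ip_checksum(bytes(buf[:20])))
    return bytes(buf)

def build(src, dst, payload, ttl=64):
    # AH fixed part: next header 6 (TCP), payload length 5 words, reserved, SPI, sequence
    ah = struct.pack("!BBHII", 6, 5, 0, 0x1000, 1) + bytes(ICV_LEN)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(payload), 0, 0,
                     ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))
    pkt = rewrite(ip + ah + payload, 10, bytes(2))   # fills in the checksum
    return pkt[:ICV_OFF] + icv(pkt) + pkt[ICV_OFF + ICV_LEN:]

def verify(packet):
    return hmac.compare_digest(packet[ICV_OFF:ICV_OFF + ICV_LEN], icv(packet))

def route_hop(packet):            # ordinary router: TTL - 1 (mutable field)
    return rewrite(packet, 8, bytes([packet[8] - 1]))

def nat(packet, public_src):      # NAT: replace the source address (covered by the ICV)
    return rewrite(packet, 12, socket.inet_aton(public_src))

# Constructed sample packet: private source, documentation-range destination
PKT = build("192.168.1.10", "203.0.113.5", b"constructed payload")
if __name__ == "__main__":
    print(verify(PKT), verify(route_hop(PKT)), verify(nat(PKT, "198.51.100.7")))
```

The NAT device recomputes the IPv4 checksum correctly, so the packet is still valid IP; it is rejected only because the receiver's ICV calculation includes the source address.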
