Interested to Buy Any Domain ? << Click Here >> for more details...
Why Authentication Header (AH) is not compatible with the
network that using NAT??????
Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!
- 1 Answers
- 8331 Views
- I also Faced
- E-Mail Answers
Answer / jitendera sinha
AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.
In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.
Thanku
Hope this will help to understand you the concepts.
Jitendera sinha
| Is This Answer Correct ? | 2 Yes | 0 No |
The following selections show the command prompt and the configuration of the IP network mask. Which two are correct? A. Router#term IP netmask-format { bitcount | decimal | hexadecimal } B. Router(config-if)#IP netmask-format { bitcount | decimal | hexadecimal } C. Router(config-if)#netmask-format { bitcount | decimal | hexadecimal } D. Router#ip netmask-format { bitcount | decimal | hexadecimal }
What protocols can you use while testing Trace? A.) DECnet B.) CLNS C.) IP D.) Old Vines E.) Vines F.) Chaos
Identify the 4 that are not LAN technologies? A.) HDLC B.) FDDI C.) 802.5 D.) HSSI E.) SDLC F.) Frame Relay
Identify the OSI layer responsible for end-to-end connections? A.) Network B.) Transport C.) Session D.) Data link E.) TCP
WHAT IS RIP PROTOCAL ?
Which of the following is an example of the Network Layer? A.) TCP B.) IP C.) SQL D.) Token Ring E.) LLC
Identify the command that forces the router to load into ROM mode upon a reload? A.) boot system rom B.) rom boot C.) boot system flash rom D.) boot router rom
What are 3 ways to provide login access to router? A.) Console B.) TFTP C.) Rlogin D.) Auxiliary Port E.) X Windows F.) Telnet
Mention what does data packets consist of?
Which protocol works at the Internet layer and is responsible for making routing decisions? A.) UDP B.) IP C.) TCP D.) ARP
The Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) provides which of the following? A.) 1.544 Mbps B.) 23B + 1D Channel C.) 24B + 1D Channel D.) 2B + 1D Channel E.) 23B + the Disney Channel
Identify 2 functions of IPX access-lists? A.) Control SAP traffic B.) Limit number of Novell servers on a network C.) Limit number of workstations on a network D.) Block IPX traffic
CCNA 
