Answer / jitendera sinha

AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.

In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.


Thanku
Hope this will help to understand you the concepts.

Jitendera sinha

Hi Gyes, here is new question. can you provide answer of following question Like linux, can we windows as router? If yes how can we able to do this,

2 Answers  

---

When setting up a frame-relay network between a Cisco router and a non-Cisco router, what encapsulation type should you use? A.) SAP B.) CISCO C.) IANA D.) Apollo E.) IETF F.) Q933A

2 Answers  

---

What is an advantage of LAN segmentation? A.) Increases broadcasts. B.) Increases collisions. C.) Provides more protocol support. D.) Decreases broadcasts. E.) Routing protocol support.

2 Answers   Wipro,

---

What command can be used to test IPX connectivity? A.) Ping 2e.000.0045.8923 B.) Ping 192.168.100.1 C.) Ping ipx 2e.0000.0045.8923 D.) Ipx ping 2e.0000.0045.8923

2 Answers   Ethio Telecom,

---

You can access three forms of WAN services with Cisco routers. Select the three forms: A. Switched or relayed services B. Interface front end to IBM enterprise data center computers C. Using protocols that connect peer-to-peer devices like HDLC or PPP encapsulation. D. IPX/SPX E. NetBEUI

1 Answers  

---

Which two statements about a bridge are true? (Choose two) A. A bridge floods multicasts B. A bridge floods broadcasts C. A bridge does not flood multicasts D. A bridge does not flood broadcasts

1 Answers  

---

What is the difference between TCP and UDP? A.) TCP is connection-oriented; UDP uses acknowledgements only B.) TCP is connection-oriented; UDP is connectionless C.) Both TCP and UDP are connection-oriented, but only TCP uses windowing D.) TCP and UDP both have sequencing, but UDP is connectionless

2 Answers  

---

When configuring a router utilizing both physical and logical interfaces, what factor must be considered in determining the OSPF router ID?

0 Answers  

---

What is the subnetmask of / 27 in network based and host based?

0 Answers  

---

Which statement is true regarding Administrative distance? A.) It is a metric B.) Number of hops between two routers C.) Trustworthiness of the routing information D.) RIP Administrative distance is 100

1 Answers   TCS,

---

In regards to the OSI seven-layer model, at which layer is EBCDIC and ASCII? A.) Presentation B.) Application C.) Transport D.) Session E.) Datalink F.) Network

1 Answers  

---

Identify the definition of demarcation? A.) Date in which the WAN service contract expires B.) Cabling which extends from the WAN service provider to the customer C.) Division of responsibility, where the CPE ends and the local loop begins D.) Equipment which is located at the customer premises

2 Answers  

---