Interested to Buy Any Domain ? << Click Here >> for more details...
Why Authentication Header (AH) is not compatible with the
network that using NAT??????
Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!
- 1 Answers
- 8215 Views
- I also Faced
- E-Mail Answers
Answer / jitendera sinha
AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.
In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.
Thanku
Hope this will help to understand you the concepts.
Jitendera sinha
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following is a valid TCP/IP socket for an Email connection? 101.34.2.125:25 00-00-03-1B-CA-6F:143 202.167.23.101:21 60.4:110
What are the steps of conversion for data encapsulation?
what is the network address?
What is true when using DDR? A.) HDLC is the preferred encapsulation B.) You must use static routing C.) You should use dynamic routing D.) You should use ISDN
Hi, Shahin Thanks a lot for providing me these sites. These links are really helpful for me. r u working somewhere please let me know
what is ESP (Encapsulating Security Payload)?
Which command will display adjacent routers found by the Cisco Discovery Protocol? A.) show all B.) show cdp entry C.) show ip neighbors D.) show cdp neighbor detail E.) show cdp neighbor F.) show neighbor
What is true about frame-relay DLCI? A.) DLCI represents a single physical circuit B.) DLCI is optional in all frame-relay networks C.) DLCI identifies a logical connection between DTE devices D.) DLCI is used to tag the beginning of a frame with VLAN information
What is the size of IP address?
which device/card is used at the end of computer/device to connect multiple or different wire of mesh topology to a single computer/device?
1 Answers Adepto, British College, Wipro,
Which command displays the IP addresses assigned to specific host names? A. show hosts B. show interface C. ping host name D. config host name E. show host mapping F. show host ip address G. trace ip addresses host name H. a partridge in a pear tree
hello friends im murtaza frm indore... and my question is that im doing hardware engenering and networking and im intrested in make a good career in networking so can you suggest.. which institiue is good for me...plzzz replyy im waiting...
CCNA 
