Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Certifications >> Cisco Certifications >> CCNA
  2. Suggest New Category

Why Authentication Header (AH) is not compatible with the
network that using NAT??????

Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!

Question Posted / jitendera sinha

Answer Posted / jitendera sinha

AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.

In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.


Thanku
Hope this will help to understand you the concepts.

Jitendera sinha

Is This Answer Correct ?    2 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

What is the difference between arp and rarp?

1051

What is the difference between csma/cd?

1143

What is the meaning of synchronization?

1201

In configuring a router, what command must be used if you want to delete the configuration data that is stored in the NVRAM?

1534

After how long ospf exchange its topology table?

1162

What is the beaconing?

1039

What is the difference between rip and igrp?

1029

How do we do encryption and authentication in L2F?

2849

What is the key advantage of using a switches?

1057

Name the command we give for see routing table?

2366

Tell me why we use filter option?

1145

Define osi?

1085

1>What do you mean by Networks and Networking? 2>Difference between Vlan And Sub Interface Vlan? 3>What is Fiber Optic Media Converter? 4>What is Firewall? 5>Difference Between Layer2 and Layer3 Switch? 6>What is the function of Multilayer Switch? 7>Expalin STP? What is the Difference between STP and MST? 8>What is the Function of VTP?Explain the modes of VTP? 9>What kind of Message VTp will Send? 10>What is the Difference between Normal and Manageable Switch? 11>Difference between Local Vlan and End to End Vlan? 12>Difference between Distance Vector and Link State Routing protocol? 13>What do you mean by Backbone Fast Port? 14>what is Root Guard and BPDU Guard?

2463

What does vlan provide?

1031

Name the command we give on privilege mode for coming back to user execution mode?

985