Question
Why is Authentication Header (AH) not compatible with a network that is using NAT?

Jitu, looking for you specially! You know why I am looking for you!
 Question Submitted By :: Shahin
Answer
# 1
AH is a protocol that provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram.
What parts of the datagram are used for the calculation, and the placement of the header, depend on the mode (tunnel or transport) and the version of IP (IPv4 or IPv6).
tunnel or transport-------
                               tunnel
                                /\
                               /  \
                              /    \
                          tunnel   transport
                            |        |
                            |        |
         protect all data pkt     protect only data portion
Now, why is it not compatible with NAT? NAT is a mechanism to hide your personal IP sometimes; theoretically, it is a mechanism to convert a private IP to a public IP.

___________________________________________________________
                      *******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Ergo, AH + NAT cannot work.

In NAT the IP field is modified, so sometimes AH is not compatible with NAT; I am again saying SOME time.


Thank you.
Hope this will help you to understand the concepts.

Jitendera Sinha
 
Is This Answer Correct ?    1 Yes 0 No
Jitendera Sinha
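
The check described in the answer above, as an added example that is not part of the original post: a simplified IPv4 AH integrity check value (ICV) using HMAC-SHA1-96, with the mutable header fields zeroed before hashing. The key, SPI, addresses and payload are constructed for illustration, and the IP header checksum is left at zero for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed SA key, not from the page
ICV_LEN = 12                   # HMAC-SHA1-96 truncates the digest to 96 bits

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header; protocol 51 is AH."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may change in transit, so they stay out of the ICV."""
    h = bytearray(ip_hdr)
    h[1] = 0            # DSCP/ECN
    h[6:8] = b"\0\0"    # flags + fragment offset
    h[8] = 0            # TTL
    h[10:12] = b"\0\0"  # header checksum
    return bytes(h)

def ah_icv(ip_hdr, ah_fixed, payload):
    """ICV over the IP header, the AH header with a zeroed ICV field, and the payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def send(src, dst, payload):
    # AH fixed part: next header (6 = TCP), payload len, reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)
    ip = ipv4_header(src, dst, 64, len(ah_fixed) + ICV_LEN + len(payload))
    return ip + ah_fixed + ah_icv(ip, ah_fixed, payload) + payload

def verify(packet):
    ip, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(ip, ah_fixed, payload))

def route_hop(packet):
    """A router decrements TTL (mutable, so excluded from the ICV)."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def nat_rewrite(packet, public_src):
    """NAT replaces the source address (immutable, so covered by the ICV)."""
    return packet[:12] + socket.inet_aton(public_src) + packet[16:]

pkt = send("192.168.1.10", "203.0.113.5", b"constructed payload")
```

Here `verify(route_hop(pkt))` still succeeds, while `verify(nat_rewrite(pkt, "198.51.100.7"))` fails because the rewritten source address is part of the authenticated data.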
 

 
 
 
Copyright © 2007  ALLInterview.com.  All Rights Reserved.
