Interested to Buy Any Domain ? << Click Here >> for more details...
Why Authentication Header (AH) is not compatible with the
network that using NAT??????
Jitu, looking for u specially...!!!! U knw why i m looking
for u..!!!
- 1 Answers
- 8245 Views
- I also Faced
- E-Mail Answers
Answer / jitendera sinha
AH is a protocol that provides authentication.
of either all or part of the contents of a datagram.
through the addition of a header that is calculated,
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depends on the mode(tunnelor transport)and the version of IP (IPv4 or IPv6).
tunnel or transport-------
tunel
/\
/ \
/ \
tunel transport
| |
| |
protect all data pkt protect only data portion
now why it is not compatible with nat nat is mechanism.
to hide your personal ip sometime theoretically
it is a mechanism to convert private ip to public ip
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, \
modifies IP packets. Ergo, AH + NAT cannot work.
In the nat Ip filed is modified so some time Ah is not compatible with nat i am again saying SOME time.
Thanku
Hope this will help to understand you the concepts.
Jitendera sinha
| Is This Answer Correct ? | 2 Yes | 0 No |
How many valid ip will b in /21 in route summarization?
Which of the following are examples of the Session Layer? A.) TCP B.) LLC C.) SQL D.) NFS E.) Token Ring
Which two of the following protocols are used at the Transport layer? A.) ARP B.) UDP C.) ICMP D.) RARP E.) TCP F.) BootP
You need to come up with a TCP/IP addressing scheme for your company. Which two factors must you consider when you define the subnet mask for the network? A.) The location of DHCP servers B.) The volume of traffic on each subnet C.) The number of subnets on the network D.) The location of the default gateway E.) The number of host IDs on each subnet
what is frame relay.and how it is different from isdn
Which command would show all Ethernet interfaces with IPX configured on them? A.) show interface ipx ethernet B.) show ipx interface C.) show ipx interface ethernet D.) show ipx E.) show version F.) show run
How do you view the routers current processor utilization? A.) show version B.) show processes cpu C.) show running-config D.) show startup-config E.) show cpu F.) show utilization
Explain how an spf algorithm works?
What is the difference between half duplex and full duplex?
what is lmi? how many type of lmi's we are using ...
Which OSI layer establishes, maintains and terminates sessions between hosts? A.) Application B.) Physical C.) Data-Link D.) Presentation E.) Network F.) Session
What is the regional Telco office called, where the customers local loop terminates? A.) Demarc B.) DTE C.) DCE D.) CO E.) CPE
CCNA 
