Why is Authentication Header (AH) not compatible with a
network that is using NAT?
Jitu, looking for you specially! You know why I am looking
for you!
Answer / jitendera sinha
AH is a protocol that provides authentication
of either all or part of the contents of a datagram
through the addition of a header that is calculated
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depend on the mode (tunnel or transport) and the version of IP (IPv4 or IPv6).
Tunnel or transport:
tunnel: protects all of the data packet
transport: protects only the data portion
Now, why is it not compatible with NAT? NAT is a mechanism
to hide your personal IP; sometimes, theoretically,
it is a mechanism to convert a private IP to a public IP.
___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash.
This hash is used by the recipient to authenticate the packet.
If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Ergo, AH + NAT cannot work.
In NAT the IP field is modified, so sometimes AH is not compatible with NAT; I am again saying SOME times.
Thank you.
Hope this will help you to understand the concepts.
Jitendera sinha
| Is This Answer Correct ? | 2 Yes | 0 No |
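The keyed-hash check described in the answer above, as an added example that is not part of the original answer: it builds an AH transport-mode packet, then shows that a router's TTL decrement still verifies while a NAT source-address rewrite does not. It assumes HMAC-SHA1-96 as the integrity algorithm, an IPv4 header without options whose checksum is left at zero, and a constructed key, addresses and payload.

```python
import hmac, hashlib, socket, struct

KEY = b"constructed-demo-key"   # constructed; stands in for the SA's authentication key
ICV_LEN = 12                    # HMAC-SHA1-96 keeps the first 96 bits of the digest

def ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    # 20-byte IPv4 header, no options; protocol 51 = AH; checksum left 0 (assumption).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    # Fields that change legitimately in transit are zeroed before hashing:
    # TOS (byte 1), TTL (byte 8), flags/fragment offset (6-7), checksum (10-11).
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(spi, seq, icv=b"\x00" * ICV_LEN, next_hdr=6):
    # next header, payload len (AH length in 32-bit words minus 2), reserved, SPI, seq, ICV
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + icv

def compute_icv(ip_hdr, spi, seq, payload):
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def send(src, dst, payload, spi=0x1001, seq=1):
    ip = ipv4_header(src, dst, 24 + len(payload))
    return ip + ah_header(spi, seq, compute_icv(ip, spi, seq, payload)) + payload

def verify(packet):
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    _, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(ah[12:], compute_icv(ip, spi, seq, payload))

def route_hop(packet):
    # An ordinary router only decrements TTL, which is excluded from the hash.
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)

def nat(packet, public_src):
    # NAT rewrites the source address, which IS covered by the hash.
    p = bytearray(packet)
    p[12:16] = socket.inet_aton(public_src)
    return bytes(p)

pkt = send("192.168.1.10", "203.0.113.5", b"constructed TCP segment bytes")
print(verify(pkt), verify(route_hop(pkt)), verify(nat(pkt, "198.51.100.7")))
```
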