

Why is Authentication Header (AH) not compatible with a
network that is using NAT?

Jitu, looking for you specially! You know why I am looking
for you!




Answer / jitendera sinha

AH is a protocol that provides authentication
of either all or part of the contents of a datagram
through the addition of a header that is calculated
based on the values in the datagram.
What parts of the datagram are used for the calculation,
and the placement of the header, depend on the mode (tunnel or transport) and the version of IP (IPv4 or IPv6).

Tunnel or transport:

tunnel: protects the whole data packet
transport: protects only the data portion

Now, why is it not compatible with NAT? NAT is a mechanism
to hide your personal IP sometimes; theoretically,
it is a mechanism to convert a private IP to a public IP.

___________________________________________________________
*******
The IPsec Authentication Header (AH) is a case in point. AH runs the entire IP packet, including invariant header fields like source and destination address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Ergo, AH + NAT cannot work.

In NAT the IP field is modified, so sometimes AH is not compatible with NAT. I am again saying SOME time.


Thank you.
Hope this will help you to understand the concepts.

Jitendera sinha

Is This Answer Correct ?    2 Yes 0 No
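
The check described in the answer above, as an added example that is not part of the original post: it builds a transport-mode IPv4 + AH packet, computes the keyed hash the way RFC 4302 prescribes (mutable fields such as TTL and header checksum are zeroed, source and destination addresses are not), then applies a router-style TTL change and a NAT-style source rewrite. Assumptions: HMAC-SHA1-96 as the integrity algorithm, and a constructed key, SPI, addresses and payload; all function names are hypothetical.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed SA key, shared by both peers

def ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def icv(pkt: bytes) -> bytes:
    """Keyed hash over IP header + AH + payload, mutable fields zeroed."""
    ip = bytearray(pkt[:20])
    ip[1] = 0                       # TOS/DSCP
    ip[6:8] = b"\0\0"               # flags + fragment offset
    ip[8] = 0                       # TTL
    ip[10:12] = b"\0\0"             # header checksum
    ah = pkt[20:32] + b"\0" * 12    # ICV field itself counts as zero
    return hmac.new(KEY, bytes(ip) + ah + pkt[44:], hashlib.sha1).digest()[:12]

def ah_protect(src: str, dst: str, payload: bytes) -> bytes:
    # AH: next header 6 (TCP), length 4, reserved, SPI, sequence, empty ICV
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + b"\0" * 12
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44 + len(payload), 0x1234, 0,
                     64, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    pkt = ip + ah + payload
    return pkt[:32] + icv(pkt) + pkt[44:]

def ah_verify(pkt: bytes) -> bool:
    return hmac.compare_digest(pkt[32:44], icv(pkt))

def rewrite(pkt: bytes, src: str = None, ttl: int = None) -> bytes:
    """What a router (TTL) or a NAT device (source address) does in transit."""
    ip = bytearray(pkt[:20])
    if src is not None:
        ip[12:16] = socket.inet_aton(src)
    if ttl is not None:
        ip[8] = ttl
    ip[10:12] = b"\0\0"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))  # NAT fixes this up
    return bytes(ip) + pkt[20:]

if __name__ == "__main__":
    pkt = ah_protect("10.0.0.5", "198.51.100.20", b"constructed payload")
    print("as sent:       ", ah_verify(pkt))
    print("TTL decrement: ", ah_verify(rewrite(pkt, ttl=63)))
    print("source NATed:  ", ah_verify(rewrite(pkt, src="203.0.113.7")))
```

The NAT device can recompute the IP header checksum because it needs no secret, but it cannot recompute the ICV without the SA key, so the receiver's comparison fails after the address rewrite.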
