Does AH work with NT
Jean Triquet
jtriquet at YAHOO.COM
Fri Apr 7 22:14:08 EDT 2000
Well this is not exact
> AH is implemented as a checksum inside the IPHdr..
> Since NAT will strip off
> the IPHdr portion and replace it, AH will not work.
>
The AH header is inserted AFTER the original IP
header. The reason NAT doesn't work is because the
"checksum" calculation involves sections of the IP
header (including source and destination addresses).
NAT modify the IP header and therefore render the AH
"checksum" invalid.
The Authentication Header is described in RFC 2402.
Jean Triquet
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list