Thank you very much Brandon

Regards
Anantha Subramanian Natarajan

On Sun, Apr 11, 2010 at 5:16 PM, Brandon Carroll <[email protected]> wrote:

> It may be related to issues with AH and NAT or even the version of code the
> book was based on, however the 8.3 Configuration guide states the following:
>
> IPSec Pass Through application inspection provides convenient traversal of
> ESP (IP protocol 50) *and AH (IP protocol 51) traffic* associated with an
> IKE UDP port 500 connection. It avoids lengthy access list configuration to
> permit ESP and AH traffic and also provides security using timeout and max
> connections.
>
> http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/inspect_basic.html#wp1553398
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> On Apr 11, 2010, at 11:07 AM, Anantha Subramanian Natarajan wrote:
>
> Hi All,
>
> I was going through the IPSec Pass-through section on the "Cisco
> ASA: All-in-One Firewall, IPS, Anti-X and VPN Adaptive security appliance"
> book. My understanding from that section is, IPSec pass-through supports only
> the ESP protocol; it does not support the Authentication Header (AH)
> Protocol. On the ipsec pass-through inspect map section, it has 2 different
> security levels (high and low) to choose from. Under the actions on each
> security level we choose, it has check for Maximum AH flows per client and AH
> idle timeout.
>
> My question is, what it means, when IPSEC pass-through supports only ESP and
> not AH, even though it has checks for AH.
>
> Kindly help me to clarify the same.
>
> Thanks for the help
>
> Regards
> Anantha Subaramanian Natarajan
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
