Hi Sadiq,
Thanks for your suggestion. When I get a chance to lab it up, I will confirm
the same.
Thank You
Regards
Anantha Subramanian Natarajan
On Mon, Apr 12, 2010 at 3:15 AM, Sadiq Yakasai <[email protected]> wrote:
> The only way to confirm this is by lab'ing it up! I have read several
> documents on this and I just don't have a good sense of if AH is
> supported or NOT.
>
> Anantha, any chance you could lab this up and confirm? Otherwise, I will do
> this and get back to you.
>
> Thanks,
> Sadiq
>
>
> On Mon, Apr 12, 2010 at 1:13 AM, Anantha Subramanian Natarajan <[email protected]> wrote:
>
>> Thank you very much Brandon
>>
>> Regards
>> Anantha Subramanian Natarajan
>>
>> On Sun, Apr 11, 2010 at 5:16 PM, Brandon Carroll <[email protected]> wrote:
>>
>> > It may be related to issues with AH and NAT or even the version of code
>> > the book was based on, however the 8.3 Configuration guide states the
>> > following:
>> >
>> > IPSec Pass Through application inspection provides convenient traversal
>> > of ESP (IP protocol 50) *and AH (IP protocol 51) traffic* associated with
>> > an IKE UDP port 500 connection. It avoids lengthy access list
>> > configuration to permit ESP and AH traffic and also provides security
>> > using timeout and max connections.
>> >
>> > http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/inspect_basic.html#wp1553398
>> >
>> > Regards,
>> >
>> > Brandon Carroll - CCIE #23837
>> > Senior Technical Instructor - IPexpert
>> > Mailto: [email protected]
>> > Telephone: +1.810.326.1444
>> > Live Assistance, Please visit: www.ipexpert.com/chat
>> > eFax: +1.810.454.0130
>> >
>> > On Apr 11, 2010, at 11:07 AM, Anantha Subramanian Natarajan wrote:
>> >
>> > Hi All,
>> >
>> > I was going through the IPSec Pass-through section in the "Cisco
>> > ASA: All-in-One Firewall, IPS, Anti-X and VPN Adaptive security appliance"
>> > book. My understanding from that section is that IPSec pass-through
>> > supports only the ESP protocol; it does not support the Authentication
>> > Header (AH) protocol. In the IPSec pass-through inspect map section, it
>> > has 2 different security levels (high and low) to choose from. Under the
>> > actions for each security level we choose, it has checks for Maximum AH
>> > flows per client and AH idle timeout.
>> >
>> > My question is: what does it mean when IPSec pass-through supports only
>> > ESP and not AH, even though it has checks for AH?
>> >
>> > Kindly help me to clarify the same.
>> >
>> > Thanks for the help
>> >
>> > Regards
>> > Anantha Subramanian Natarajan
>>
>>
>
>
> --
> CCIE #19963
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
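
For reference, an ASA configuration sketch of the IPSec pass-through inspect map discussed in this thread, added here as an example and not taken from any of the messages or from the book. The ACL, class-map and policy-map names, the interface name, and the per-client limits and timeouts are illustrative placeholders; it only shows where the ESP and AH per-client flow limits and idle timeouts are set, and does not settle whether AH flows actually traverse the appliance.

```cisco
! Constructed example: all names, limits and timeouts are placeholders.
! Match the IKE control connection (UDP 500) that the inspection keys on.
access-list ipsecpassthruacl extended permit udp any any eq 500
!
class-map ipsecpassthru-traffic
 match access-list ipsecpassthruacl
!
! Inspect map: per-client flow caps and idle timeouts, set separately
! for ESP (IP protocol 50) and AH (IP protocol 51).
policy-map type inspect ipsec-pass-thru iptmap
 parameters
  esp per-client-max 10 timeout 0:11:00
  ah per-client-max 5 timeout 0:06:00
!
! Apply the inspect map to the matched IKE traffic.
policy-map inspection_policy
 class ipsecpassthru-traffic
  inspect ipsec-pass-thru iptmap
!
service-policy inspection_policy interface outside
```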