Hi all Is NAT-T only applicable for ESP? Unlike ESP, AH authenticates original IP header and New IP header in transport and tunnel mode respectively. Hence even with NAT-T, IPSec with AH will fail.
Figure 3 Transport Mode—IPsec Packet Before and After ESP Encapsulation Figure 4 Tunnel Mode—IPsec Packet Before and After ESP Encapsulation With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
