March 5, 2002
Practical Aspects of Modern Cryptography
IPSEC AH and NAT

- Change in address or port will cause message integrity check to fail
- Packet will be rejected by destination IPSEC
- AH cannot be used with NAT or PAT devices

[Figure: packet layout Orig IP Hdr | AH Hdr | TCP Hdr | Data, with Message Integrity Check coverage (except for mutable fields)]
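
Added example, not part of the original slides: a simplified Python model of the AH integrity check over the packet layout above. It assumes HMAC-SHA1-96 as the integrity algorithm and uses a constructed key, addresses, ports and payload; it shows a router's TTL change passing verification while a NAT address rewrite and a PAT port rewrite both fail.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-sa-key"   # constructed; stands in for the SA's integrity key
ICV_LEN = 12                       # assumption: HMAC-SHA1-96 (MAC truncated to 96 bits)
PAYLOAD = struct.pack("!HH", 40000, 443) + b"constructed TCP segment"  # src/dst port + data

def ipv4_header(src, dst, ttl, payload_len):
    # 20-byte IPv4 header, protocol 51 (AH); total length = IP (20) + AH (24) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44 + payload_len, 0, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    # Fields routers may legitimately change are zeroed before the MAC is computed:
    # TOS (byte 1), flags/fragment offset (6-7), TTL (8), header checksum (10-11)
    h = bytearray(ip_hdr)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(spi, seq, icv=b"\x00" * ICV_LEN):
    # next header 6 (TCP), payload length 4 (24 bytes / 4 - 2), reserved, SPI, sequence, ICV
    return struct.pack("!BBHII", 6, 4, 0, spi, seq) + icv

def compute_icv(ip_hdr, spi, seq, payload):
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload  # ICV field zeroed
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def build_packet(src, dst, ttl, payload, spi=0x1000, seq=1):
    ip = ipv4_header(src, dst, ttl, len(payload))
    return ip + ah_header(spi, seq, compute_icv(ip, spi, seq, payload)) + payload

def verify(packet):
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    spi, seq = struct.unpack("!II", ah[4:12])
    return hmac.compare_digest(ah[12:], compute_icv(ip, spi, seq, payload))

def route_hop(packet):
    # Router decrements TTL and rewrites the checksum (constructed placeholder value)
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:10] + b"\xbe\xef" + packet[12:]

def nat_rewrite(packet, new_src):
    # NAT replaces the source address (bytes 12-15), which is inside MAC coverage
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

def pat_rewrite(packet, new_port):
    # PAT replaces the TCP source port (first two bytes after the 44-byte IP+AH headers)
    return packet[:44] + struct.pack("!H", new_port) + packet[46:]
```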