Go back to
642-552 - SND - Securing Cisco Network Devices Exam
Why does PAT fail with ESP packets?
because ESP is a portless protocol riding directly over IP, ESP prevents the PAT from creating IP address and port mappings
because using tunnel mode, ESP includes the outer IP header in computing the ICV, thus if PAT modifies the outer IP header, the ICV will fail
because ESP does not support tunnel mode
because the ESP header is encrypted
because ESP uses dynamic port number
Want to practice for 642-552 - SND - Securing Cisco Network Devices Exam ?