You work as a network administrator at Certkiller .com. The Certkiller .com network uses an IP
proxy that provides Network Address Translation (NAT). You have implemented IPSec for all
Internet bound traffic; however, Internet access is now no longer possible. What should is the
cause of this problem?
A.
Network Address Translation (NAT) does not work with IPSec.
B.
The IP proxy is blocking egress and ingress traffic on port 80.
C.
The IP proxy is blocking egress and ingress traffic on port 1293.
D.
The IP proxy is blocking egress and ingress traffic on port 8080.
Explanation:
Network Address Translation (NAT) is not compatible with IPSec because NAT changes the IP
address in the IP header of each packet. IPSec does not allow this and drops the packet.Incorrect Answers:
B: Port 80 is used for HTTP traffic. However, Internet access was possible before the switch t o
IPSec. Therefore the problem does not lie with port blocking.
C: Port 1293 is used for IPSec traffic. If this port is blocked, IPSec traffic would not pass. However,
the problem here is that Network Address Translation (NAT) changes the IP address in the IP
header of each packet which is not permitted in IPSec.
D: Port 8080 is an alternate port for HTTP and is commonly used for proxy servers. However, the
problem here is that Network Address Translation (NAT) changes the IP address in the IP header
of each packet which is not permitted in IPSec.Reference:David Groth and Toby Skandier,
Network+ Study Guide (4th Edition), Sybex, Alameda CA, 2005, pp. 134-13, 142-144.