IPsec (Internet Protocol Security)

Hello Samir

You are not explicitly required to memorize any specific RFCs or details for the CCIE exam. However, you are given access to some reference materials that may include RFCs as well as Cisco documentation. So you should be familiar with what RFCs are and how to search them to find the information you’re looking for. I don’t believe it is worth going too deep into them. The level of detail you seek here is probably a little beyond what is expected of you, but this is just my personal evaluation.

Actually, ESP resolves this issue with NAT/PAT. This is because ESP provides encryption and authentication, but it does not include the IP header fields that are modified by NAT devices in its authentication calculations.

Yes it does. Take a look at the following section from RFC 4302, which describes this further.

Because the ICV itself is included within the AH header, its value is temporarily set to zero for the calculation; otherwise, you’d have a circular reference that wouldn’t work…

I hope this has been helpful!
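The two points made above (AH covers the immutable IP header fields, so a NAT rewrite breaks its ICV while ESP's ICV is unaffected, and the ICV field is zeroed while the AH ICV is computed) can be shown end to end in a few dozen lines. The following is an added example, not code from the original post or from any Cisco or IETF source. It assumes IPv4 transport mode, HMAC-SHA1-96 as the integrity algorithm (RFC 2404), a constructed shared key, constructed addresses and a constructed payload; ESP encryption is left out, so the ESP payload is just treated as opaque bytes.

```python
"""Added example: why NAT breaks AH but not ESP, and how AH's ICV is computed.
Constructed key, addresses and payload; HMAC-SHA1-96 per RFC 2404; IPv4 transport mode.
"""
import hashlib
import hmac
import struct

AH_PROTO, ESP_PROTO, TCP_PROTO = 51, 50, 6
ICV_LEN = 12  # HMAC-SHA1-96: 160-bit MAC truncated to 96 bits
KEY = b"constructed-demo-key"  # hypothetical shared authentication key

def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def ipv4_checksum(hdr: bytes) -> int:
    """Ones-complement checksum over a 20-byte header whose checksum field is zero."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def zero_mutable_fields(ip_hdr: bytes) -> bytes:
    """RFC 4302 Appendix A1: ToS, Flags, Fragment Offset, TTL and Header Checksum may
    change in transit, so both ends zero them before hashing. Source and destination
    addresses are immutable and stay covered, which is why a NAT rewrite breaks the ICV."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # ToS (DSCP/ECN)
    h[6:8] = b"\x00\x00"      # Flags + Fragment Offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # Header Checksum
    return bytes(h)

def ah_icv(ip_hdr: bytes, ah_fixed: bytes, payload: bytes, key: bytes) -> bytes:
    # The ICV sits inside the AH header it protects, so its own field is zero for
    # the computation; otherwise the value would depend on itself.
    covered = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(src, dst, payload, key=KEY, spi=0x1000, seq=1) -> bytes:
    ah_len = 12 + ICV_LEN
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + ah_len + len(payload))
    # Next Header, Payload Len (AH length in 32-bit words minus 2), Reserved, SPI, Seq
    ah_fixed = struct.pack("!BBHII", TCP_PROTO, ah_len // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(ip_hdr, ah_fixed, payload, key) + payload

def verify_ah(packet: bytes, key=KEY) -> bool:
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(ip_hdr, ah_fixed, payload, key))

def build_esp_packet(src, dst, ciphertext, key=KEY, spi=0x2000, seq=1) -> bytes:
    # ESP's ICV covers only SPI, sequence number and the (encrypted) payload
    # (RFC 4303 section 2.8); the outer IP header is not authenticated at all.
    esp_hdr = struct.pack("!II", spi, seq)
    icv = hmac.new(key, esp_hdr + ciphertext, hashlib.sha1).digest()[:ICV_LEN]
    ip_hdr = ipv4_header(src, dst, ESP_PROTO, 20 + 8 + len(ciphertext) + ICV_LEN)
    return ip_hdr + esp_hdr + ciphertext + icv

def verify_esp(packet: bytes, key=KEY) -> bool:
    body = packet[20:]
    covered, icv = body[:-ICV_LEN], body[-ICV_LEN:]
    expected = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)

def _rewrite_ip(packet: bytes, edit) -> bytes:
    """Edit the IP header the way a router or NAT would, then refresh the checksum."""
    h = bytearray(packet[:20])
    edit(h)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h) + packet[20:]

def router_hop(packet: bytes) -> bytes:
    """An ordinary hop decrements TTL: a mutable field, so AH still verifies."""
    def edit(h):
        h[8] -= 1
    return _rewrite_ip(packet, edit)

def nat_rewrite_src(packet: bytes, new_src: str) -> bytes:
    """NAT rewrites the source address: immutable under AH, so its ICV no longer matches."""
    def edit(h):
        h[12:16] = ip_bytes(new_src)
    return _rewrite_ip(packet, edit)

if __name__ == "__main__":
    payload = b"constructed TCP segment"
    ah = build_ah_packet("10.0.0.5", "192.0.2.10", payload)
    esp = build_esp_packet("10.0.0.5", "192.0.2.10", payload)
    for name, pkt, check in (("AH", ah, verify_ah), ("ESP", esp, verify_esp)):
        print(name, "as sent:", check(pkt), "| after TTL hop:", check(router_hop(pkt)),
              "| after NAT:", check(nat_rewrite_src(pkt, "203.0.113.7")))
```

Running it shows AH surviving the TTL decrement but failing after the source address is rewritten, while ESP verifies in all three cases. Note that ESP in transport mode still has a separate NAT problem (the inner TCP/UDP checksum covers the original addresses, and PAT cannot see ports inside ESP), which is what NAT traversal (UDP encapsulation) addresses; this example only shows what each header's ICV covers.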