Encapsulated Security Payload

- Provides confidentiality, integrity and authentication

[ Next header code] [ Header len] [ reserved ]
[ Security parameters index ] <= pointer to the hash algorithm and encryption algorithm
[ sequence number ]
[ encrypted part ]
[ Authentication data (message digest) ]

Original Datagram:
[Original IP header] [Payload]
Transport mode:
[Original IP Header] [ESP Header] [Payload] [ESP Trailer]
<--- e ----> encrypted
<----------------------- a -----------------------> authenticated
Tunnel Mode:
[New IP Header] [ESP Header] [Original IP Header] [Payload] [ESP Trailer]
<--------------------------- e ---------->
< ----------------------------------------------- a ------------------------------>

ESP Tunnel is the most secure

Index