In tunnel mode, the entire IP datagram is encapsulated, so the whole original datagram is protected.
An IP Packet with tunnel mode AH
5.4.3.4.1.2 Encapsulating Security Payload Protocol (ESP)
The Encapsulating Security Payload (ESP) header is defined in RFC 2406. In addition to data confidentiality, ESP optionally provides authentication and integrity. The encrypted datagram is contained in the Data section of the ESP header. When authentication is also selected within the ESP protocol, the data is encrypted first and then authenticated. The result of the authentication computation is placed in the Authentication Data field. If no authentication is specified within the ESP protocol, this field is not used.
ESP Header
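The encrypt-then-authenticate ordering described above, as an added example that is not part of the original document: it assembles and parses the outer ESP layout (SPI, sequence number, encrypted data, optional Authentication Data) and checks the authentication value before the encrypted data would be handed to decryption. HMAC-SHA1-96 (RFC 2404) is an assumed algorithm choice, the function names are hypothetical, and the ciphertext is constructed sample bytes treated as opaque.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumption: HMAC-SHA1-96 (RFC 2404) truncates the MAC to 96 bits
# Constructed sample: 16 opaque bytes standing in for the already-encrypted datagram.
SAMPLE_CIPHERTEXT = bytes.fromhex("00112233445566778899aabbccddeeff")


def _icv(auth_key, body):
    """Authentication value over everything that precedes the Authentication Data."""
    return hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]


def build_esp(spi, seq, ciphertext, auth_key=None):
    """Return SPI | Sequence Number | encrypted data [| Authentication Data]."""
    body = struct.pack("!II", spi, seq) + ciphertext
    if auth_key is None:
        return body  # no authentication selected: the field is not used
    # Encryption has already happened; authentication is applied second.
    return body + _icv(auth_key, body)


def parse_esp(packet, auth_key=None):
    """Return (spi, seq, ciphertext); verify before releasing data for decryption."""
    icv_len = ICV_LEN if auth_key is not None else 0
    if len(packet) < 8 + icv_len:
        raise ValueError("truncated ESP packet")
    split = len(packet) - icv_len
    body, received = packet[:split], packet[split:]
    if auth_key is not None:
        # Constant-time comparison; a failed check means the packet is dropped
        # without ever being decrypted.
        if not hmac.compare_digest(received, _icv(auth_key, body)):
            raise ValueError("Authentication Data mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    return spi, seq, body[8:]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed 20-byte key
    pkt = build_esp(0x1001, 1, SAMPLE_CIPHERTEXT, key)
    print("authenticated packet:", pkt.hex())
    print("parsed:", parse_esp(pkt, key))
    flipped = pkt[:10] + bytes([pkt[10] ^ 0x01]) + pkt[11:]  # one bit changed in transit
    try:
        parse_esp(flipped, key)
    except ValueError as err:
        print("modified packet rejected:", err)
```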
When used in transport mode, the ESP header is inserted after the IP header and before any
An IP Packet with transport mode ESP
In tunnel mode, the original IP header and any