encapsulating security payload (IPsec) (ESP)

The Encapsulating Security Payload (ESP) is used to encrypt IP data packets and, like the Authentication Header (AH), uses the Hash-Based Message Authentication Code (HMAC) as its algorithm.

The ESP header uses cryptographic methods such as the Data Encryption Standard (DES) and encrypts all data that lies between the ESP header and the ESP trailer. At the end of a data packet, an optional ESP authentication block can provide additional authenticity.

IPsec in transport and tunnel mode

The Encapsulating Security Payload, specified in RFC 2406, authenticates only the IP content in transport mode, not the IP header. This mode is mainly used within a secure network.

In tunnel mode, on the other hand, the IP header is encrypted to protect internal address information from unauthorized access. This mode is prescribed in the IPsec framework for secure tunneling between two firewalls in virtual private networks (VPN).
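The packet layout described above (ESP header, payload, ESP trailer, authentication block) and the difference between transport and tunnel mode, as an added example that is not part of the original entry. It assumes HMAC-SHA-1-96 for the authentication block and the NULL cipher (RFC 2410) in place of DES so that it runs with the standard library only; the key, SPI and payload bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumption: HMAC-SHA-1-96 (RFC 2404), HMAC truncated to 96 bits
HDR_LEN = 8   # ESP header: 32-bit SPI + 32-bit sequence number
# Next Header values (IANA protocol numbers) and the mode they imply
MODES = {4: "tunnel", 6: "transport", 17: "transport"}

def _icv(auth_key, body):
    return hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]

def build_esp(spi, seq, payload, next_header, auth_key):
    """ESP header + payload + ESP trailer + authentication block (NULL cipher)."""
    pad_len = -(len(payload) + 2) % 4           # align trailer to a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + payload + trailer
    return body + _icv(auth_key, body)          # ICV covers everything before it

def parse_esp(packet, auth_key):
    """Verify the authentication block first, then split header/payload/trailer."""
    if len(packet) < HDR_LEN + 2 + ICV_LEN:
        raise ValueError("too short for ESP header, trailer and ICV")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(auth_key, body)):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:HDR_LEN])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - HDR_LEN - 2:
        raise ValueError("pad length exceeds packet")
    payload = body[HDR_LEN:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "payload": payload,
            "next_header": next_header, "mode": MODES.get(next_header, "unknown")}

# Constructed sample values (not from any real security association)
KEY = b"constructed-demo-auth-key"
TCP_SEGMENT = b"constructed TCP bytes"
INNER_IP_PACKET = bytes([0x45]) + b"constructed inner IPv4 packet"

if __name__ == "__main__":
    for nh, data in ((6, TCP_SEGMENT), (4, INNER_IP_PACKET)):
        pkt = build_esp(0x1000, 1, data, nh, KEY)
        print(parse_esp(pkt, KEY)["mode"], len(pkt), "bytes")
    tampered = bytearray(build_esp(0x1000, 2, TCP_SEGMENT, 6, KEY))
    tampered[10] ^= 0x01                        # flip one bit inside the payload
    try:
        parse_esp(bytes(tampered), KEY)
    except ValueError as err:
        print("rejected:", err)
```

In transport mode the payload is the upper-layer segment and the original IP header stays outside ESP; in tunnel mode the payload is the whole inner IP packet, so the Next Header field in the trailer reads 4.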

