Internet Protocol Security (IPSec) is a network layer (layer 3) protocol suite that provides secure communication between parties over a network. It employs strong encryption algorithms to meet confidentiality, integrity and authentication requirements.
IPSec comprises two major components, namely Authentication Headers (AH) and Encapsulating Security Payload (ESP). The AH part of the protocol provides message integrity and nonrepudiation services. AH also provides authentication services and prevents replay attacks. The ESP part of the protocol, on the other hand, provides confidentiality, integrity and limited authentication services. Like AH, ESP provides protection against replay attacks as well.
IPSec provides the aforementioned services through two modes of operation, namely Transport and Tunnel modes. In Tunnel mode, it provides encryption protection for both the payload and the message header by encapsulating the entire packet. In Transport mode, it provides encryption protection for the payload and leaves the original message header as is. Furthermore, Transport mode provides protection primarily for the upper-layer protocols of the OSI model.
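
The following Python sketch is an added example, not part of the original text. It parses constructed IPv4 packets and reports what an on-path observer can still read under AH and ESP in each mode: AH exposes its Next Header field, so the mode is visible, while ESP carries Next Header in its encrypted trailer. The addresses, SPI values and helper names (`ipv4`, `ah`, `inspect_ipsec`) are assumptions made for the example.

```python
import ipaddress
import struct

PROTO_ESP, PROTO_AH = 50, 51          # IANA IP protocol numbers
IP_IN_IP = {4, 41}                    # Next Header values for an encapsulated IPv4/IPv6 packet

def ipv4(src, dst, proto, payload):
    """Prepend a minimal IPv4 header (checksum left 0: constructed sample data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def inspect_ipsec(packet):
    """Return the fields an on-path observer can read from an AH or ESP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]
    info = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    if packet[9] == PROTO_AH and len(body) >= 12:
        # AH is not encrypted: Next Header, SPI and sequence number are readable.
        next_hdr, _len, _rsvd, spi, seq = struct.unpack("!BBHII", body[:12])
        mode = "tunnel" if next_hdr in IP_IN_IP else "transport"
        info.update(proto="AH", spi=spi, seq=seq, mode=mode)
    elif packet[9] == PROTO_ESP and len(body) >= 8:
        # ESP keeps Next Header in its encrypted trailer, so the mode is hidden.
        spi, seq = struct.unpack("!II", body[:8])
        info.update(proto="ESP", spi=spi, seq=seq, mode="hidden")
    else:
        raise ValueError("not a well-formed AH or ESP packet")
    return info

# Constructed samples (documentation addresses, zeroed ICV and ciphertext).
INNER = ipv4("192.0.2.10", "198.51.100.20", 6, bytes(20))       # host-to-host TCP

def ah(next_hdr, seq, payload):
    """AH header with a 12-byte ICV (Payload Len 4), SPI 0x1001 chosen for the sample."""
    return struct.pack("!BBHII", next_hdr, 4, 0, 0x1001, seq) + bytes(12) + payload

AH_TRANSPORT = ipv4("192.0.2.10", "198.51.100.20", PROTO_AH, ah(6, 1, bytes(20)))
AH_TUNNEL = ipv4("203.0.113.1", "203.0.113.2", PROTO_AH, ah(4, 2, INNER))
ESP_TUNNEL = ipv4("203.0.113.1", "203.0.113.2", PROTO_ESP,
                  struct.pack("!II", 0x2002, 7) + bytes(len(INNER) + 12))

if __name__ == "__main__":
    for name, pkt in [("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL),
                      ("ESP tunnel", ESP_TUNNEL)]:
        print(name, inspect_ipsec(pkt))
```

In the tunnel-mode samples the visible source and destination are the gateway addresses, and the original endpoints appear only inside the encapsulated packet.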