Encapsulating Security Payload (ESP)

The AH protocol provides only source authentication and data integrity; it does not provide privacy. IPSec defines a further protocol, Encapsulating Security Payload (ESP), which provides source authentication, data integrity and privacy. ESP has a header and a trailer. The header is placed after the IP header and the trailer is placed after the payload. The authentication data is placed last, just after the ESP trailer. The steps of the ESP procedure are given below:

1. An ESP trailer is added to the payload.
2. The payload and the ESP trailer are encrypted.
3. The ESP header is added just before the encrypted payload and trailer.
4. The ESP header, payload and ESP trailer are used to form the authentication data.
5. The authentication data is added after the ESP trailer.
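
The five steps above, together with the receiver's matching checks, as an added example that is not part of the original page. Assumptions: the header fields (SPI, sequence number) and trailer fields (padding, pad length, next header) follow RFC 4303, the authentication data is HMAC-SHA-256 truncated to 16 bytes, `keystream_xor` is a hypothetical stand-in cipher built from SHA-256 so the block runs with the standard library only, and all keys and values are constructed.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits


def keystream_xor(key, nonce, data):
    # Stand-in cipher for illustration only (SHA-256 in counter mode).
    # A real ESP security association negotiates a cipher such as AES.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def esp_encapsulate(payload, spi, seq, next_header, enc_key, auth_key):
    # Step 1: trailer = padding + pad length + next header, 4-byte aligned.
    pad_len = -(len(payload) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    # ESP header (SPI + sequence number); built early because the stand-in
    # cipher uses it as a per-packet nonce. It is still placed in front (step 3).
    header = struct.pack("!II", spi, seq)
    # Step 2: payload and trailer are encrypted together.
    ciphertext = keystream_xor(enc_key, header, payload + trailer)
    # Step 4: authentication data covers header + encrypted payload + trailer.
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    # Steps 3 and 5: header first, authentication data last.
    return header + ciphertext + icv


def esp_decapsulate(packet, enc_key, auth_key):
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    header, ciphertext, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    # Check the authentication data before decrypting, in constant time.
    expected = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("authentication data mismatch")
    plaintext = keystream_xor(enc_key, header, ciphertext)
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("bad pad length")
    spi, seq = struct.unpack("!II", header)
    return plaintext[:len(plaintext) - pad_len - 2], spi, seq, next_header
```

Because the authentication data is computed over the ESP header and the ciphertext, the receiver can reject a modified packet without decrypting it.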