Authentication Header (AH)

AH provides connectionless integrity, data authentication, and optional replay protection, but it does not provide confidentiality.

AH is an IP protocol, identified by a value of 51 in the IP header. The Next Header field indicates what follows the AH header. In transport mode, it is the value of the upper-layer protocol being protected (for example, UDP or TCP). In tunnel mode, this value is 4.

AH in transport mode is useful if the communication endpoints are also the IPsec endpoints. In tunnel mode, AH encapsulates the IP packet, and an additional IP header is added before the AH header. Although the tunnel mode of AH could be used to provide IPsec VPN end-to-end security, AH provides no data confidentiality, so this mode is not very useful. AH is defined by RFC 2402.
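The following parser is an added example, not part of the original page. It reads the fixed AH fields as laid out in RFC 2402 and uses the Next Header value to tell transport mode from tunnel mode for IPv4. The helper names (`ipv4`, `ah`, `parse_ah`) are hypothetical, and the sample packets are constructed, with documentation addresses and an all-zero placeholder ICV.

```python
import struct

IPPROTO_AH = 51      # IP protocol number that identifies AH
NEXT_HDR_IPV4 = 4    # Next Header value when AH protects a whole IP packet (tunnel mode)
UPPER_LAYER = {6: "TCP", 17: "UDP"}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0, addresses in 192.0.2.0/24)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def ah(next_hdr: int, spi: int, seq: int, payload: bytes, icv: bytes = bytes(12)) -> bytes:
    """Constructed AH header; the all-zero ICV is a placeholder, not a valid MAC."""
    payload_len = (12 + len(icv)) // 4 - 2   # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + icv + payload

def parse_ah(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying AH; report the mode and what AH protects."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_AH:
        raise ValueError("IP protocol is not 51 (AH)")
    if ihl < 20 or len(packet) < ihl + 12:
        raise ValueError("truncated AH header")
    # Fixed AH fields: Next Header, Payload Len, Reserved, SPI, Sequence Number
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack_from("!BBHII", packet, ihl)
    ah_len = (payload_len + 2) * 4
    if len(packet) < ihl + ah_len:
        raise ValueError("AH length exceeds packet")
    # Mode is inferred from Next Header alone, which is a heuristic for IPv4 traffic.
    tunnel = next_hdr == NEXT_HDR_IPV4
    return {
        "mode": "tunnel" if tunnel else "transport",
        "next_header": next_hdr,
        "protects": "IPv4 packet" if tunnel else UPPER_LAYER.get(next_hdr, f"protocol {next_hdr}"),
        "spi": spi,
        "seq": seq,               # sequence number used for replay protection
        "icv_len": ah_len - 12,   # bytes of authentication data
    }

# Constructed sample packets: an 8-byte UDP header with no data, protected both ways.
UDP = struct.pack("!HHHH", 500, 500, 8, 0)
TRANSPORT = ipv4(IPPROTO_AH, ah(17, 0x1000, 1, UDP))
TUNNEL = ipv4(IPPROTO_AH, ah(NEXT_HDR_IPV4, 0x2000, 7, ipv4(17, UDP)))

if __name__ == "__main__":
    for pkt in (TRANSPORT, TUNNEL):
        print(parse_ah(pkt))
```

In both results the payload after the ICV is still readable in the clear, which is the lack of confidentiality described above.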