Encapsulating Security Payload

Encapsulating Security Payload (ESP)—ESP provides encryption (confidentiality), data-origin
authentication and integrity, and antireplay services. ESP is IP protocol number 50, as
assigned by the Internet Assigned Numbers Authority (IANA). ESP is primarily responsible
for carrying data from the source to the destination in a secure manner: the receiver
verifies an integrity check value (ICV) to confirm that the packet was not altered in
transit, and a sequence number in the ESP header lets it discard replayed packets, so
captured traffic cannot simply be injected back into the session. ESP can authenticate the
sender by itself (through its ICV) or in conjunction with Authentication Header (AH); the
difference is that AH also covers the outer IP header, which ESP's ICV does not. Whether
ESP encrypts the entire original IP packet or only the packet's payload depends on the
mode: in transport mode only the transport-layer payload is encrypted and the original IP
header stays in the clear, whereas in tunnel mode the whole original packet, header
included, is encrypted and a new outer IP header is prepended. Figure 13-3 shows how ESP
encapsulates an Internet Protocol version 4 (IPv4) packet, which portions are encrypted,
and which are authenticated.
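The following is an added example, not code from the book or from any IPsec implementation, that builds the ESP packet layout described above (RFC 4303: SPI, sequence number, IV, encrypted payload plus trailer, ICV) in both transport and tunnel mode, reports which byte ranges are encrypted versus authenticated, and enforces the antireplay sliding window on receive. Assumptions: the cipher is an HMAC-SHA256 counter keystream standing in for the AES transform a real SA would negotiate, the ICV is truncated to 96 bits (as in HMAC-SHA1-96), the IV is 16 bytes, and the tunnel endpoints `GW_A`/`GW_B`, the keys, and the sample IPv4 packet are all constructed for the demonstration.

```python
"""Added example (not from the book): RFC 4303-style ESP framing, transport vs. tunnel
mode, encrypted/authenticated coverage, and a sliding anti-replay window."""
import hashlib
import hmac
import os
import struct

ESP_PROTO = 50          # IANA protocol number carried in the outer IPv4 header
IPIP_PROTO = 4          # Next Header value when the inner packet is a whole IPv4 datagram
ICV_LEN = 12            # 96-bit truncated ICV (assumed, as in HMAC-SHA1-96)
IV_LEN = 16             # assumed IV length
GW_A, GW_B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])   # assumed tunnel gateways


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid checksum (constructed sample input)."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0, src, dst)
    s = sum(struct.unpack(">10H", hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s = (s >> 16) + (s & 0xFFFF)
    return hdr[:10] + struct.pack(">H", ~s & 0xFFFF) + hdr[12:]


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in for the SA's cipher (NOT AES): XOR keystream from HMAC(key, iv || counter)."""
    out = b""
    for ctr in range(-(-n // 32)):
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def esp_encapsulate(spi, seq, inner, next_header, enc_key, auth_key, iv=None) -> bytes:
    """SPI | Seq | IV | {inner | pad | pad_len | next_header} | ICV (RFC 4303 layout)."""
    iv = iv or os.urandom(IV_LEN)
    pad_len = (-(len(inner) + 2)) % 4            # right-align Pad Length / Next Header
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    pt = inner + trailer                         # trailer is encrypted along with the data
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, iv, len(pt))))
    authenticated = struct.pack(">II", spi, seq) + iv + ct   # SPI and Seq stay in the clear
    icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv


def esp_coverage(esp: bytes) -> dict:
    """Byte ranges (start, end) of the ESP packet that the ICV covers vs. that are encrypted."""
    return {"authenticated": (0, len(esp) - ICV_LEN),
            "encrypted": (8 + IV_LEN, len(esp) - ICV_LEN)}


def esp_protect(ip_packet, mode, spi, seq, enc_key, auth_key, iv=None) -> bytes:
    """Transport mode keeps the original IP header; tunnel mode wraps the whole packet."""
    ihl = (ip_packet[0] & 0x0F) * 4
    if mode == "transport":
        inner, next_header = ip_packet[ihl:], ip_packet[9]    # payload only; original proto
        src, dst = ip_packet[12:16], ip_packet[16:20]
    elif mode == "tunnel":
        inner, next_header = ip_packet, IPIP_PROTO            # entire original packet
        src, dst = GW_A, GW_B
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    esp = esp_encapsulate(spi, seq, inner, next_header, enc_key, auth_key, iv)
    return ipv4_header(src, dst, ESP_PROTO, 20 + len(esp)) + esp


class ReplayWindow:
    """RFC 4303 Appendix A sliding window: bit 0 tracks the highest sequence number seen."""
    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                       # first packet on an SA is 1; 0 is never valid
            return False
        if seq > self.top:                 # new high water mark: slide the window, accept
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False                   # too old, or already received (replay)
        self.bitmap |= 1 << diff
        return True


def esp_decapsulate(esp, enc_key, auth_key, window):
    """Verify the ICV, then anti-replay, then decrypt. Returns (spi, next_header, inner)."""
    if len(esp) < 8 + IV_LEN + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authenticated, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or wrong key")
    spi, seq = struct.unpack(">II", authenticated[:8])
    if not window.check_and_update(seq):   # only after the ICV passes, so forgeries cannot poison it
        raise ValueError("replayed or stale sequence number %d" % seq)
    iv, ct = authenticated[8:8 + IV_LEN], authenticated[8 + IV_LEN:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))
    pad_len, next_header = pt[-2], pt[-1]
    if pad_len > len(pt) - 2:
        raise ValueError("bad pad length")
    return spi, next_header, pt[:len(pt) - 2 - pad_len]
```

The receive path deliberately checks the ICV before touching the replay window: if the window were updated first, an attacker who cannot forge an ICV could still advance or fill the window with bogus sequence numbers and cause legitimate packets to be dropped. The `esp_coverage` result makes the figure's point concrete: the SPI, sequence number and IV are authenticated but never encrypted, the payload and trailer are both, and the outer IP header is neither (that is what AH adds).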