Encapsulating Security Payload

An Internet protocol [R2406, R4303] designed to provide data confidentiality service and other security services for IP datagrams. (See: IPsec. Compare: AH.)

Tutorial: ESP may be used alone, or in combination with AH, or in a nested fashion with tunneling. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a host and a gateway. The ESP header is encapsulated by the IP header, and the ESP header encapsulates either the upper-layer protocol header (transport mode) or an IP header (tunnel mode). ESP can provide data confidentiality service, data origin authentication service, connectionless data integrity service, an anti-replay service, and limited traffic-flow confidentiality. The set of services depends on the placement of the implementation and on options selected when the security association is established.