IPSec Policies for Secure Network Communications
IPSec policies can secure network communication in two ways. It can verify the integrity of the sender and/or encrypt the entire communication between two hosts.
AH (Authentication Header) is an optional IPSec protocol which ensures authenticity by using the source and destination IP addresses as part of its integrity check. If the IP address or any data in the IP payload changes, then the integrity check fails.
ESP (Encapsulating Security Payload) encrypts the IP payload and is the protocol normally used with IPSec tunnel mode and the L2TP/IPSec transport mode.