Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

IPSec Encapsulating Security Payload

IP Protocol 50

Usually used with GRE, or mGRE.

Terms

ESP — Encapsulating Security Payload

  • IPSec process responsible for providing encryption

ESP SPI — Security Parameters Index

  • 32-bit field
  • Identifies the SA on both sides

ESP Sequence

  • 32-bit field
  • Goes up by 1 for each transmitted packet.

It’s not recommended to share a SA for multiple senders for this reason.

Transport Mode

IPSec Transport Mode

IPSec ESP Packet

Tunnel Mode

IPSec Tunnel Mode

IPSec ESP Packet

References

RFC 4303: IP Encapsulating Security Payload (ESP) | RFC Editor

RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2) | RFC Editor

IPsec - Wikipedia

Last Modified • Sunday, June 14, 2026. 5:02 pm UTC+00:00 • Commit: 3aedc3f