IPSec protocols
The principal IPSec protocols are:
- IP Authentication Header (AH): This provides data origin
authentication, data integrity, and replay protection. These three
functions are collectively known as authentication. Data integrity
comes from the checksum generated by a message authentication code
like MD5, data origin authentication comes
from a shared secret key in the data to be authenticated, and replay
protection comes from a sequence number in the AH.
- IP Encapsulating Security Payload (ESP): This provides data
confidentiality, data origin authentication, data integrity, and
replay protection. While ESP and AH can both provide authentication,
data integrity checking, and replay protection, only ESP can do encryption.
When used for authentication, ESP will use the AH algorithms. ESP and
AH can be combined or nested.
- Internet Security Association and Key Management Protocol
(ISAKMP): This protocol provides a method for automatically setting up
security associations between sites and managing their cryptographic
keys.
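
The three AH functions described in the first item above (integrity check value, shared-key origin authentication, sequence-number replay protection), shown as an added Python example that is not code from the original tutorial. It assumes HMAC-SHA-256 truncated to 128 bits in place of the MD5-based code the text mentions, a simplified header that omits the IP header fields real AH also covers, and a 64-packet replay window; `ah_protect` and `AhReceiver` are hypothetical names.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits (assumed algorithm choice)
WINDOW = 64   # anti-replay window size in packets (assumed)

def _icv(key, header, payload):
    # The ICV is computed with the ICV field zeroed. Simplified: real AH also covers IP header fields.
    mac = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]

def ah_protect(key, spi, seq, next_header, payload):
    """Sender: prepend a simplified AH header carrying SPI, sequence number and ICV."""
    payload_len = (12 + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    header = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return header + _icv(key, header, payload) + payload

class AhReceiver:
    """Receiver state for one security association."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set means sequence (highest - i) was already accepted

    def accept(self, packet):
        if len(packet) < 12 + ICV_LEN:
            return "malformed"
        header, icv, payload = packet[:12], packet[12:12 + ICV_LEN], packet[12 + ICV_LEN:]
        _, _, _, spi, seq = struct.unpack("!BBHII", header)
        if spi != self.spi:
            return "unknown-sa"
        # Cheap replay pre-check before spending time on the MAC.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay"  # zero, or older than the window
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay"  # inside the window and already seen
        if not hmac.compare_digest(icv, _icv(self.key, header, payload)):
            return "bad-icv"  # wrong key or modified data
        # Only an authenticated packet may move or mark the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"
```

Because the window is updated only after the ICV verifies, a forged packet with a very large sequence number cannot push legitimate traffic out of the window.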