IPsec uses one of these two protocols to protect the data:
1. Encapsulated Security Payload (ESP): ESP provides Confidentiality, data integrity and source authentication.
2. Authentucation Header (AH): AH only provides data integrity and source authentication.
AH and ESP can be used in two different modes to protect the data. Transport and Tunnel modes are two modes used by IPsec.
1. Transport mode: In transport mode, IPsec only protects the IP payload. AH or ESP is applied only to the IP payload and the original IP header is used to forward the IP packet.
2. Tunnel mode: In tunnel mode, IPsec protects the entire IP packet. AH or ESP is used to encapsulate the entire IP packet and a new IP header is added. The new IP header is used to forward the packet to the corresponding IPsec peer.
VIA uses ESP in tunnel mode.