the route and make sure that the network devices used for transmission did not do any unauthorized changes to the data.The Authentication Header (AH) protocol provides data origin authentication, data integrity, and replay protection. However, AH does not provide data confidentiality, which means that all of your data is sent in the clear. AH does not protect the values of certain fields in the IP header cannot be predicted by the receiver these fields, known as mutablefields. AH always protects the payload of the IP packet.In general, this is a protocol that provides data integrity and data origin authentication, protection against replay of the IP packets but not confidentiality. Ways of using AHYou can apply AH in two ways: transport modeand tunnel mode.In transport mode: The IP header of the datagram is the outermost IP header, followed by the AH headerand then the payload of the datagram. AH authenticates the entire datagram, except the mutable fields. However, the information contained in the datagram is transported in the clear and is, therefore, subject toeavesdropping. Transport mode requires less processing overhead than tunnel mode, but does not provide as much security.In tunnel mode: It creates a new IP header and uses it as the outermost IP header of the datagram. The AH header follows the new IP header. The original datagram (both the IP header and the original payload)
comes last. AH authenticates the entire datagram, which means that the responding system can detect whether the datagram changed while in transit.The main advantage to using tunnel mode is that tunnel mode totally protects the encapsulated IP datagram. In addition, tunnel mode makes it possible to use private addresses.Why AH? TheEncapsulating Security Payload (ESP)protocol can perform authentication, AH does not affect your system performance as does ESP. Another advantage of using AH is that, AH authenticates the entire datagram. ESP, however, does not authenticate the leading IP header or any other information that comes before the ESP header. Encapsulating Security Payload (ESP)AH is concerned with the integrity of the data, the encapsulating security payload (ESP) protocol is concerned with privacy and confidentiality. ESP encrypts the data itself so that anyone eavesdropping in the network or planning to intercept the data will not have enough time to decrypt copy and then resend the data to unintended recipients. The idea behind ESP is to use sophisticated algorithms to encrypt the data, which only the recipient can decrypt, which requires strong cryptographic algorithms in order to be put into effect.The Encapsulating Security Payload (ESP) protocol provides data confidentiality, and also optionally provides data origin authentication, data integrity checking, and replay protection.The difference between ESP and the Authentication Header (AH)protocol is that ESP provides encryption, while both protocols provide authentication, integrity checking, and replay protection. With ESP, both communicating systems use a shared key for encrypting and decrypting the data they exchange.