ESP provides both authentication & confidentiality.AH provides authentication only but it provides authentication to IP header also which ESP does't provide. My question is designer's of Ipsec could have implemented this functionality within ESP as well & then there will not be any need for AH. Why they have not done that way & incorporated AH ?. Thanks Rupesh