IPsec provides security within IP transport networks at the individual packet level. Packets that are IPsec protected can be integrity checked, authenticated and encrypted, depending on the level of protection required. IPsec defines two protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload); both support integrity and authentication, and ESP also supports encryption. When IPsec is used between two network nodes, a Security Association must be established between them. The Security Association has a unique SPI (Security Parameters Index), which is used to determine exactly how the traffic traversing the Security Association is protected.
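
How a receiver can use the SPI to select the Security Association, shown as an added example that is not part of the original page: it reads the SPI from an AH or ESP header and looks it up in a table. The packets, addresses, SPI values, algorithm labels and the `SAD` table (keyed here by destination, protocol and SPI) are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51  # IANA protocol numbers for ESP and AH

# Constructed security association database: (destination, protocol, SPI) -> protection.
# Algorithm names are illustrative labels, not values negotiated by a real peer.
SAD = {
    ("192.0.2.2", IPPROTO_ESP, 0x00001001): {"integrity": "HMAC-SHA-256", "encryption": "AES-CBC"},
    ("192.0.2.2", IPPROTO_AH, 0x00002002): {"integrity": "HMAC-SHA-256", "encryption": None},
}

def parse_ipsec(packet: bytes):
    """Return (dst, proto, spi, seq) for an IPv4 packet carrying AH or ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    body = packet[ihl:]
    if proto == IPPROTO_ESP:              # ESP: SPI(4) | sequence(4) | payload...
        offset = 0
    elif proto == IPPROTO_AH:             # AH: next hdr(1) | len(1) | reserved(2) | SPI(4) | sequence(4) | ICV
        offset = 4
    else:
        raise ValueError(f"IP protocol {proto} is not AH or ESP")
    if len(body) < offset + 8:
        raise ValueError("truncated IPsec header")
    spi, seq = struct.unpack_from("!II", body, offset)
    return dst, proto, spi, seq

def lookup_sa(packet: bytes):
    """Find the SA a packet belongs to; None means no SA matches."""
    dst, proto, spi, _seq = parse_ipsec(packet)
    return SAD.get((dst, proto, spi))

def ipv4(proto: int, payload: bytes, src="192.0.2.1", dst="192.0.2.2") -> bytes:
    """Build a minimal constructed IPv4 packet (checksum left at zero) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

ESP_PKT = ipv4(IPPROTO_ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 16)
AH_PKT = ipv4(IPPROTO_AH, struct.pack("!BBHII", 6, 4, 0, 0x2002, 1) + b"\x00" * 12)
UNKNOWN_PKT = ipv4(IPPROTO_ESP, struct.pack("!II", 0xDEAD, 1) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("ESP", ESP_PKT), ("AH", AH_PKT), ("unknown SPI", UNKNOWN_PKT)):
        print(name, parse_ipsec(pkt)[2:], lookup_sa(pkt))
```

The SPI sits at a different offset in each header, so the IP protocol number has to be read first; a packet whose SPI matches no entry has no Security Association to apply.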