An IPsec security association provides which of the following for IP packets?

An IPsec security association defines the cryptographic protections applied to traffic in one direction between two endpoints. It carries the parameters that determine how packets are secured, including which algorithms are used for encryption and which are used for integrity/authentication, along with the keys and lifetimes. Encryption provides confidentiality, so the payload (and sometimes headers) can be encrypted to hide content from eavesdroppers. Authentication/integrity ensures the packet’s origin can be verified and that its contents haven’t been tampered with. IPsec uses ESP (Encapsulating Security Payload) to provide encryption and can also carry an authentication tag to offer integrity, while AH (Authentication Header) provides authentication and integrity without encryption. Because you can configure ESP to perform encryption and also include authentication for integrity, the security association can provide both confidentiality and authenticity for IP packets.