Subject: theoretical ipsec question
To: None <tech-net@netbsd.org>
From: Mipam <mipam@ibb.net>
List: tech-net
Date: 12/18/2000 22:34:15
Hi,

I have some questions concerning IPsec and what the packets look like.
It's just concerning IPsec in IPv4.
First let's look at the Authentication Header; to be very short and incomplete, a packet
looks like this:

------------------------------
|ethernet| ip header|tcp|data|
------------------------------

Sure, sure, it's not the OSI model; in there the IP header is on level 3
and the data is level 7.
But let's look at it more briefly: |ip header|tcp|data|
When you do AH, then it'll be like this:

|ip header|ah|tcp|data|

AH contains cryptographic hashes of the data and identification information.
It also has hashes of the source/destination addresses.
Now my confusion is about the form of the packet.
Is the AH header inserted between the ip and tcp header of the packet
or is the AH a part of the IP header, in which case layer 3 has become
IP header + AH?

ESP is the encapsulation protocol, it adds headers which describe what to
do with the incoming secured packets. It encrypts the tcp and above
headers.
After applying ESP a packet looks like:
|ip header|esp header|tcp|data|esp trailer|esp auth|
                     ----------------------
                           encrypted

Here I have a bit the same question as before: is the ESP header inserted,
or is it part of the TCP layer? In case the header is inserted you have an
8-layered packet :) Or isn't this the case? I am confused about it.

And when AH and ESP are done, will a packet look like this?

|ip header|ah|esp header|tcp|data|esp trailer|esp auth|
                        ----------------------
                              encrypted

Or does it look different?
And what about tunnel mode, when we do ESP: will a packet look like this?

|new IP hdr|esp|original IP hdr|tcp|data|esp trailer|esp auth|
               --------------------------------------
                              encrypted

Where by original IP hdr I mean layers 3-7 of the original packet?
I read RFC 2401, 2402 and 2406 but still these details aren't clear.
Can anybody clear things up?
Mipam.
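The header chains the mail asks about, as an added example that is not part of the original message or of NetBSD's IPsec code: it models how AH (IP protocol 51) and ESP (IP protocol 50) are linked into an IPv4 datagram purely through each header's protocol / Next Header field, and draws the same ASCII pictures as above with the encrypted span marked. Segment names like "esp hdr" and "orig ip hdr" are my own labels.

```python
# Added example, not from the original message. Protocol numbers are the
# IANA values used by RFC 2402 (AH) and RFC 2406 (ESP).
IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51


def ipsec_layout(ah: bool, esp: bool, tunnel: bool) -> list:
    """Return segments outermost first as (name, next_header, encrypted).
    next_header is the protocol number that segment carries to name the
    header following it (None where the field does not exist). Because
    each header just points at the next one, AH and ESP are inserted
    headers, not extensions of the IP header."""
    # Inner payload: tunnel mode wraps the whole original datagram (next
    # header 4 = IP-in-IP); transport mode protects only the TCP segment.
    if tunnel:
        inner = [("orig ip hdr", IPPROTO_TCP, False),
                 ("tcp", None, False), ("data", None, False)]
        proto = IPPROTO_IPIP
    else:
        inner = [("tcp", None, False), ("data", None, False)]
        proto = IPPROTO_TCP
    chain = inner
    if esp:
        # ESP puts a header in front and a trailer (padding, Next Header)
        # plus ICV behind. Payload and trailer are encrypted, header and
        # ICV are in the clear, so the inner protocol is hidden on the wire.
        enc = [(name, nh, True) for name, nh, _ in chain]
        chain = ([("esp hdr", None, False)] + enc +
                 [("esp trailer", proto, True), ("esp auth", None, False)])
        proto = IPPROTO_ESP
    if ah:
        # AH is inserted in front of whatever ESP (or the payload) produced;
        # its Next Header names that, and the IP header's proto names AH.
        chain = [("ah", proto, False)] + chain
        proto = IPPROTO_AH
    outer = "new ip hdr" if tunnel else "ip hdr"
    return [(outer, proto, False)] + chain


def render(segments: list) -> str:
    """ASCII picture in the style of the mail; encrypted parts are in {}."""
    cells = []
    for name, nh, encrypted in segments:
        label = f"{name}({nh})" if nh is not None else name
        cells.append("{" + label + "}" if encrypted else label)
    return "|" + "|".join(cells) + "|"


if __name__ == "__main__":
    for flags in ((True, False, False), (False, True, False),
                  (True, True, False), (False, True, True)):
        print(render(ipsec_layout(*flags)))
```

The numbers in parentheses are what a receiver reads to decide which header comes next, which is the whole "inserted header" mechanism in one line per case.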