What is the role of cryptographic security services in IPsec?

IPsec’s cryptographic security services are about protecting the data as it travels across a network. They provide confidentiality by encrypting the payload so others can’t read it, and they provide integrity and authenticity by generating cryptographic checksums to verify that packets haven’t been altered and that they come from a legitimate source. In practice, this means IPsec can create secure tunnels where data is both unreadable to eavesdroppers and resistant to tampering, which is essential for private, trustworthy communications over insecure networks. ESP handles encryption and can also offer authentication, while AH focuses on authentication and integrity without encryption. This combination is what keeps IP traffic private and verifiable, unlike functions such as IP address management, logging sessions, or applying QoS, which serve different purposes.