ESP (Encapsulating Security Payload) is an IPsec protocol that provides encryption, integrity, and authentication for data inside a VPN tunnel. It ensures that all tunneled traffic is encrypted.
B. SSH secures remote terminal sessions, not site-to-site VPN tunnels.
C. GRE (Generic Routing Encapsulation) provides encapsulation but does not encrypt data.
D. IKE (Internet Key Exchange) negotiates keys and establishes the IPsec tunnel but does not encrypt the payload itself.
References (CompTIA Network+ N10-009):
Domain: Network Security — VPN protocols, IPsec (AH vs. ESP), encryption in transit.
