I’m reading about security associations. I’ve understood that an SA is a virtual connection between a client and a server, in which all the security parameters, such as encryption algorithm, IP origin and source, HMAC algorithm… are defined.
My question is: Is SA implemented when using AH and ESP protocols, or only in ESP when confidentiality is required?
And there goes another question: How does the router know whether to use IPsec or not? By using the protocol field in the IP header?