These security agreements are made individually for the Authentication Header( AH) and the Encapsulated Security Payload( ESP). They apply to unidirectional communication, i.e., only for one transmission direction. Since communication is bidirectional, at least two security associations are required for transmission: one for encrypting a data packet, for example, and the second for authentication.
Security Associations are the fundamental individual basis of every IPSec connection. They define exactly how the host or security gateway must establish and maintain a connection to the target component. A Security Association is always unique and is described by three essential components: The Security ParameterIndex( SPI) the IP destination address and the Security Protocol Identifier. The SPI value is a freely selectable value that serves as a unique identifier for an IPsec connection.