AH and ESP

Authentication Header computes a value that consists of:

Payload Data
IP header data
Authentication Key

Receiver performs same computation and knows that:

Noone changed the data (integrity)
Noone changed the address information (authenticity)
Sequence numbers are ok (replay protection)

ESP performs almost like that, except that:

The outer IP Header is not protected
Payload is encrypted