Security Encyclopedia

Tunnel Mode

Tunnel Mode is a method of sending data over the Internet in which both the data and the original IP address information are encrypted.

The Encapsulating Security Payload (ESP) operates in Transport Mode or Tunnel Mode. In Tunnel Mode, ESP encrypts the data and the IP header information.

The Internet Protocol Security (IPsec) protocol suite uses ESP and Authentication Header (AH) to secure data as it travels over the Internet in packets. ESP handles data encryption and some authentication of data. AH provides authentication only. The two protocols may be used independently or together as part of IPsec. IPsec is used in virtual private networks (VPNs).
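The following added example (not part of the original entry) builds the same packet in ESP Transport Mode and ESP Tunnel Mode and reports what an on-path observer can read from each. The addresses, SPI, keys and IV are constructed sample values, and `toy_cipher` is a hypothetical stand-in keystream used only to keep the example free of third-party libraries; a real deployment uses a negotiated ESP transform such as AES-GCM.

```python
import hashlib, hmac, socket, struct

ESP, IPIP, UDP = 50, 4, 17  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep the example short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_cipher(key, iv, data):
    """Stand-in keystream (SHA-256 in counter mode), NOT a real ESP transform."""
    stream = b"".join(hashlib.sha256(key + iv + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(protected, next_header, spi, seq, enc_key, auth_key, iv):
    """RFC 4303 layout: SPI | seq | IV | enc(data | pad | pad len | next hdr) | ICV."""
    pad_len = -(len(protected) + 2) % 4  # encrypted part must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = (struct.pack("!II", spi, seq) + iv
            + toy_cipher(enc_key, iv, protected + trailer))
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:16]

def transport_mode(packet, **sa):
    """Original IP header stays in clear; only the upper-layer payload is protected."""
    hdr, payload = packet[:20], packet[20:]
    e = esp(payload, hdr[9], **sa)
    src, dst = socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20])
    return ipv4_header(src, dst, ESP, len(e)) + e

def tunnel_mode(packet, gw_src, gw_dst, **sa):
    """Whole original packet, header included, is protected behind a new outer header."""
    e = esp(packet, IPIP, **sa)
    return ipv4_header(gw_src, gw_dst, ESP, len(e)) + e

def observer_view(wire):
    """What is readable on the wire: outer source, destination, protocol, SPI."""
    return (socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20]),
            wire[9], struct.unpack("!I", wire[20:24])[0])

# Constructed sample: host 10.1.0.5 -> 10.2.0.9, sent between two VPN gateways.
SA = dict(spi=0x1001, seq=1, enc_key=b"k" * 16, auth_key=b"a" * 32, iv=b"\x00" * 8)
GW = ("198.51.100.1", "203.0.113.1")
INNER = ipv4_header("10.1.0.5", "10.2.0.9", UDP, 12) + b"\x00" * 8 + b"data"

if __name__ == "__main__":
    print("transport:", observer_view(transport_mode(INNER, **SA)))
    print("tunnel:   ", observer_view(tunnel_mode(INNER, *GW, **SA)))
```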


“VPN connections are intended to conceal the source of the information being transmitted within the network and among its users. That’s why information carried this way uses ESP tunnel mode so the information itself and the IP header info are not visible.”