IPSec ESP Wireshark decrypt payload
When implementing IPSec with ESP, the "Encapsulating Security Payload" section of the capture is the encrypted portion of the payload that cannot be read by default on Wireshark. However, it is possible to have Wireshark decipher the contents of that portion of the payload.
This can be done by configuring Wireshark to attempt to detect and decode encrypted ESP payloads.
Further explanation here:
Decrypt IPSec ESP traffic with Wireshark
Links
https://forum.networklessons.com/t/dmvpn-over-ipsec/1316/44?u=lagapides