Data Integrity - IPsec VPN Tutorial Guide
Data Integrity protects data from interception and modification. Data integrity ensures data has not been altered when in transmit.
In the case with VPN's, it is there to ensure data has not been intercepted and changed when traveling from one VPN gateway to another VPN gateway. A hashing mechanism is used to accomplish the integrity of data. As data integrity guarantees integrity of a message, even if one bit has been modified, the hash will not match. A one way hash of the data has to match exactly. If one bit is different, this means the message has been changed and the data integrity check will fail.
A one way hash simply takes a variable length string and data, and produces a fixed length hash value. The hash along with its data is then sent to the receiver. The receiver will compute the same hash function on the data to compare this to the sending hash result, and if they are the same, then the message will be accepted. We can safely say that the message has not been modified in transit.
Common hashing algorithms developed to ensure integrity of data are the SHA family of algorithms, the MD family of algorithms, Haval and Tiger.Two common hash algorithms VPN device uses for verifying integrity of data are hmac-md5 and hmac-sha, Hmac-sha being the strongest of the two.
Further Reading
Wikipedia's guide to Data Integrity