Protecting users' privacy is becoming one of the rising issues for the success of future communications. The Internet in particular, with its open architecture, presents several threats to the right of protecting personal and sensitive data.

One fundamental building block of privacy-respectful communications is protecting the communication parties identities, or, as it is commonly called within the research community anonymous networks (ANs). A AN prevents external observers as well as the network to have access to communicating partners identities and addresses. In this paper we propose a novel architecture to realize ANs, as an extension to IPsec. After explaining the rationale and discussing possible alternatives, we present a working prototype implementation and its experimental performance comparison with application level solutions.