These nonces generate new shared secret key material. If the lifetime for IPsec expires, it can renegotiate a new SA. Here the data is safely and securely transmitted through the IPsec tunnel. The sent packets are encrypted and decrypted using the specified encryption in the IPsec SAs.
A Cryptographic Evaluation of IPsec, by Bruce Schneier and Niels Ferguson. An interesting paper on the security of IPsec, whose main point is that IPsec is far too complex to ever really be secure something which has crossed our minds as well.
The SA includes all attributes of the connection, including the cryptographic algorithm, the IPsec mode, the encryption key and any other parameters related to data transmission over the connection. IPsec uses, or is used by, many other protocols, such as digital signature algorithms and most protocols outlined in the IPsec and IKE Document Roadmap, or RFC 6071.
IPSec transport mode is usually used when another tunneling protocol like GRE is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode.

