This mode of IPSec is usually used when the encryption is destined to be the originator to destination, or endpoint to endpoint.

Note that the original IP header is passed in the clear, thus a hacker could still sniff and find two valid IP addresses of nodes on the network.