diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py
index 4ae3f070d..692a6e187 100644
--- a/scapy/layers/ipsec.py
+++ b/scapy/layers/ipsec.py
@@ -111,6 +111,7 @@ class ESP(Packet):
 bind_layers(IP, ESP, proto=socket.IPPROTO_ESP)
 bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP)
 bind_layers(UDP, ESP, dport=4500)  # NAT-Traversal encapsulation
+bind_layers(UDP, ESP, sport=4500)  # NAT-Traversal encapsulation
 
 #------------------------------------------------------------------------------
 class _ESPPlain(Packet):
@@ -977,4 +978,4 @@ class SecurityAssociation(object):
         elif self.proto is AH and pkt.haslayer(AH):
             return self._decrypt_ah(pkt, verify=verify)
         else:
-            return pkt
+            raise TypeError('%s has no %s layer' % (pkt, self.proto.name))
diff --git a/test/ipsec.uts b/test/ipsec.uts
index 8b38695fc..01f135714 100644
--- a/test/ipsec.uts
+++ b/test/ipsec.uts
@@ -419,7 +419,7 @@ except IPSecIntegrityError, err:
 + IPv4 / AH
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96
+= IPv4 / AH - Transport - HMAC-SHA1-96
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -428,7 +428,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e
@@ -453,7 +453,7 @@ d
 assert(d[TCP] == p[TCP])
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96 - altered packet
+= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -462,7 +462,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e