Method and apparatus for supporting data transmission of network node in wireless communication system
US-2018103495-A1 · Apr 12, 2018 · US
US11463527B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11463527-B2 |
| Application number | US-201716348554-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 9, 2017 |
| Priority date | Nov 11, 2016 |
| Publication date | Oct 4, 2022 |
| Grant date | Oct 4, 2022 |
Official abstract text for this publication.
Systems and methods relating to establishment of a Packet Data Unit, PDU, session over a Non 3GPP Access to a 3GPP network and transmitting IP data and non-IP data are provided. A method of operation of a wireless device is provided and comprises sending to an AMF over an N3IWF a PDU session request to establish a PDU session to transport one of IP data or non-IP data over an established first IPsec, Security Association, SA, establishing an IPSec Child SA, for the PDU session and associating the IPSec Child SA to a PDU session then encapsulating the data using ESP encapsulation or GRE encapsulation associated with the IPSec Child SA and indicating the type of data that is being transmitted (e.g., non-IP data that comprises raw application data). In this manner, an IoT device is able to securely transmit to the 3GPP network IP data/non-IP data/raw application data over an unsecure non 3GPP access network such as Wireless Local Area Network. Methods and apparatus describing the NAS signalling and the PDU session as each using their respective IPSec SA are provided. Similarly, methods and apparatus describing the NAS signalling and the PDU sessions sharing a common IPSec SA are provided. GRE encapsulation of the data within the ESP frame is described for both NAS signalling and PDU session in the case of multiple IPSec/Child SAs or common IPSec SA. Similarly, methods and apparatus are provided for the N3IWF which provides for the UE secure access to the network.
Opening claim text (preview).
What is claimed:

1. A method of operation of a wireless device attached to a third partnership project, 3GPP, network, for establishing a Packet Data Unit, PDU, session over a non 3GPP access, comprising: sending a Non-Access Stratum, NAS PDU session request message to establish a PDU session for transporting data of a particular type over an established Internet Protocol Security, IPsec, Security Association, SA; establishing an IPSec Child SA, for the PDU session and using at least one of a security parameter Index of the IPSec Child SA, an IP address assigned to the PDU session or a PDU session identifier for associating the IPSec Child SA to the established PDU session; and encapsulating data to be transmitted for the PDU session wherein a type of encapsulated data is provided and the type corresponds to the particular type of data identified for the PDU session.
2. The method of claim 1, wherein said encapsulating data to be transmitted further comprises adding to the data an Encapsulation Security Payload, ESP, frame corresponding to the IPSec Child SA.
3. The method of claim 2, wherein the type of encapsulated data is provided in a next header field in the ESP frame.
4. The method of claim 1, wherein encapsulating data to be transmitted further comprises encapsulating the data by an inner encapsulation header and adding to the encapsulated data an Encapsulation Security Payload, ESP, frame corresponding to the IPSec Child SA.
5. The method of claim 4, wherein the inner encapsulation header is a Generic Routing Encapsulation (GRE) Header.
6. The method of claim 4, wherein a type of encapsulated data is provided in a protocol type field of the GRE header.
7. The method of claim 1 wherein the PDU session request includes an application type or an application identifier of an application generating the data for the PDU session.
8. The method of claim 1 wherein the step of establishing the IPSec Child SA further comprises receiving an Internet Key Exchange Create_Child Security Association (IKE Create Child SA) request message of an IKE Child SA exchange.
9. The method of claim 1 wherein the step of establishing the IPSec Child SA further comprises sending an IKE Create_Child SA request message of the IKE Child SA exchange.
10. The method of claim 8 wherein the method further comprises obtaining the IP address assigned to the PDU session during the IKE Child SA exchange.
11. The method of claim 1 wherein said associating the IPSec Child SA to the PDU session further comprises correlating the IP address obtained in the IKE Child SA exchange to an IP address assigned to the PDU session and received in a NAS PDU session response in response to the NAS PDU session request.
12. The method of claim 1, wherein the method further comprises receiving a NAS PDU session response in response to the NAS PDU session request wherein the NAS PDU session response comprises the security parameter Index, SPI, of the IPSec Child SA.
13. The method of claim 12, wherein said associating the IPSec Child SA to the PDU session further comprises correlating the SPI received in the IKE Child SA exchange to the SPI received in the NAS PDU session response.
14. The method of claim 1, wherein sending the PDU session is initiated as a result of receiving the data from an Internet of Thing, IoT, device connected to the wireless device.
15. The method of claim 1, wherein the data of the particular type comprises one of non-Internet Protocol, non-IP framed data, non-IP raw data and IP data.
16. The method of claim 1, wherein the NAS PDU session request and any other NAS message is encapsulated in a Generic Routing Encapsulation (GRE) Header when transmitted as in an ESP frame over the established IPSec SA.
17. A wireless device, comprising: at least one transceiver; at least one processor; and memory comprising instructions executable by the at least one processor whereby the wireless device is operable to: send a Non-Access Stratum Packet Data Unit, NAS PDU session request to establish a PDU session to transport data of a particular type over an established Internet Protocol Security, IPsec, Security Association, SA; establish an IPSec Child SA, for the PDU session and use at least one of a security parameter Index of the IPSec Child SA, an IP address assigned to the PDU session or a PDU session identifier to associate the IPSec Child SA to the established PDU session; and encapsulate data to be transmitted for the PDU session by adding an encapsulation header to the data wherein a type of encapsulated data is provided and the type corresponds to the particular type of data identified for the PDU session.
18. The wireless device of claim 17, wherein the encapsulation header is a Generic Routing Encapsulation, GRE, header.
19. The wireless device of claim 18 wherein the NAS PDU session request and other NAS messages are transmitted encapsulated in the GRE header and further encapsulated in an ESP frame corresponding to the established IPSec SA.
20. The wireless device of claim 17, wherein a NAS PDU session response received in response to the NAS PDU session request, comprises information related to the encapsulation header.
21. A network entity, comprising: at least one processor; and memory comprising instructions executable by the at least one processor whereby the network entity is operable to: receive a Non Access Stratum, Packet Data Unit, NAS PDU, session request from a UE to establish a PDU session to transport data of a particular type over an Internet Protocol Security, IPsec, Security Association, SA established with the UE; establish an IPSec Child SA for the PDU session and use at least one of a security parameter Index of the IPSec Child SA, an IP address assigned to the PDU session or a PDU session identifier to associate the IPSec Child SA to the established PDU session; and encapsulate data to be transmitted for the PDU session to the UE and indicate the type of data to be transmitted as the data of the particular type.
22. The network entity of claim 21, wherein the network entity is further adapted to encapsulate data to be transmitted by encapsulating the data in an inner encapsulation header and adding to the encapsulated data an Encapsulation Security Payload, ESP, frame corresponding to the IPSec Child SA.
23. The network entity of claim 22, wherein the inner encapsulation header is a Generic Routing Encapsulation (GRE) Header.
24. The network entity of claim 23, wherein indicating the type of data further comprises setting a protocol type field in the GRE header to a value corresponding to the data of the particular type.
25. The network entity of claim 21, wherein the PDU session request includes an application type or an application identifier of an application generating the non-IP data for the PDU session.
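The binding described in the claims (a Child SA's SPI associated with one PDU session, and a GRE protocol type field naming the data type) can be checked on the receiving side as sketched below. This is an added example, not code from the patent or from any 3GPP implementation. It assumes ESP decryption and integrity verification have already been done; the SPI values, session identifiers and the non-IP protocol type value are constructed for illustration.

```python
import struct

GRE_IPV4 = 0x0800    # EtherType for IPv4; GRE reuses EtherTypes in its protocol type field
GRE_NON_IP = 0x88B5  # constructed placeholder for non-IP / raw application data


class DemuxError(Exception):
    """Raised when an inner packet cannot be bound to a PDU session."""


# SPI of each IPsec Child SA -> (PDU session id, GRE protocol type agreed at setup).
# Constructed sample values.
SESSIONS = {
    0x1000A001: (5, GRE_IPV4),
    0x1000A002: (6, GRE_NON_IP),
}


def gre_encap(proto, payload):
    """Prepend a 4-byte base GRE header (no optional fields, version 0)."""
    return struct.pack("!HH", 0, proto) + payload


def demux(spi, inner, sessions=SESSIONS):
    """Map a decrypted ESP payload to its PDU session and enforce the agreed type."""
    if spi not in sessions:
        raise DemuxError("no PDU session bound to this SPI")
    if len(inner) < 4:
        raise DemuxError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", inner[:4])
    if flags_ver != 0:
        # Optional GRE fields would shift the payload offset; refuse rather than guess.
        raise DemuxError("unsupported GRE flags or version")
    session_id, expected = sessions[spi]
    if proto != expected:
        # A type that differs from the one requested for the session is dropped,
        # so raw application data cannot be injected into an IP session or vice versa.
        raise DemuxError("type 0x%04x not allowed on session %d" % (proto, session_id))
    return session_id, inner[4:]
```

Rejecting on mismatch, rather than trusting the type carried in the packet, keeps the per-session data type a property fixed at session establishment.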
Authentication · CPC title
Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up · CPC title
Setup of transport tunnels · CPC title
Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title
Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title