IPSec is a suite of protocols securing IP communications. Modes: Transport (encrypts payload only) and Tunnel (encrypts entire packet — VPN). Protocols: AH (integrity only), ESP (encryption + integrity).
IPSec provides network-layer encryption. IKE/IKEv2 negotiates security associations. AH provides integrity but no encryption. ESP provides both — always prefer ESP. Site-to-site VPNs commonly use IPSec in tunnel mode.