IPSec secures IP communications. Modes:
Transport (encrypts payload only) and
Tunnel (encrypts entire packet — VPN). Protocols:
AH (integrity only),
ESP (encryption + integrity — preferred).
Always use ESP over AH — ESP provides encryption. IKEv2 is the modern key exchange protocol. Site-to-site VPNs use IPSec tunnel mode. IPSec operates at Layer 3 — encrypts all traffic regardless of application protocol.