IPSEC: with IPsec you can provide privacy integrity and authenticity for network traffic in the following situations
1) End t end security for IP unicast traffic using IPsec trasport mode
2) Remote Access VPN client and gateway functions, using L2TP secured by IPsec transport mode.
3) Site-to-site VPN connections across outsourced private wide area network (wan) or Internet-based connections using L2TP/IPsec or IPsec Tunnel Mode
3 IKE authentication Methods of IPsec
1) Kerberos v.5
2) Certificates
3) Passwords
IPSec provides integrity protection, authentication and privacy replay protection services for IP traffic:
1) IP protocol 50 called the encapsulating security payload (ESP) format, which provides confidentiality, authenticity, and integrity.
2) IP protocol 51 called authentication header (AH) format, which provides integrity and authenticity, but not confidentity.
IPSec has two modes transport (which uses an existing IP packet) and tunnel mode (which uses an existing IP packet) and Tunnel mode (which uses an IP packet Inside a new IP packet that is sent to a tunnel endpoint in the IPsec format.
Transport mode was designed to provide end to end security while tunnel mode was designed primarily for network mid points, routers, gateways tunnel mode not suitable for vpn (no authentication of client IP address config)