IPsec[#!RFC2411!#],[#!RFC2401!#] consists of three transport layer protocols: AH[#!RFC2402!#], ESP[#!RFC2406!#] and IPcomp[#!RFC2507!#]. There is one management protocol in existence at this time, ISAKMP[#!RFC2408!#]/IKE[#!RFC2407!#],[#!RFC2409!#].
These transport protocols can be applied to upper layers of TCP, UDP, or any other transport protocol. When the upper layer is the ``IPIP''[#!RFC2003!#], then the protocol is said to be in ``tunnel'' mode. For most Virtual Private Network (VPN) usages, tunnel mode is the preferred method since it hides the origina source/destination address. VPNs are often treated as being virtual leased lines.
Each of the transport protocols provide session layer encryption. They are referred to as ``security associations''. These are unidirectional concepts - a pair is usually needed for bidirectional communications.