IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols.
It was first developed for the new IPv6 standard and then “backported” to IPv4.
The IPsec architecture is described in ipsec.
The following few Illustration will give you a short introduction into IPsec.
IPsec uses two different protocols - AH and ESP - to ensure the authentication, integrity and confidentiality of the communication. It can protect either the entire IP datagram or only the upper-layer protocols.
The appropiate modes are called tunnel mode and transport mode. In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPsec protocol.
In transport mode only the payload of the IP datagram is handled by the IPsec protocol inserting the ipsec header between the IP header and the upper-layer protocol header.