• Request for Comments: 3948 - UDP Encapsulation of IPsec ESP Packets
• Request for Comments: 4301 - Security Architecture for the Internet Protocol
• Request for Comments: 4302 - IP Authentication Header
• Request for Comments: 4303 - IP Encapsulating Security Payload (ESP)
• Request for Comments: 4305 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
• Request for Comments: 4306 - Internet Key Exchange (IKEv2) Protocol
• Request for Comments: 4307 - Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
• Request for Comments: 4308 - Cryptographic Suites for IPsec
• Request for Comments: 4309 - Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
• Request for Comments: 4347 - Datagram Transport Layer Security
• Request for Comments: 4535 - GSAKMP: Group Secure Association Key Management Protocol
• Request for Comments: 4555 - IKEv2 Mobility and Multihoming Protocol (MOBIKE)
• Request for Comments: 4945 - The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
• Request for Comments: 5077 - Transport Layer Security (TLS) Session Resumption without Server-Side State
• Request for Comments: 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
• Request for Comments: 5282 - Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
• Request for Comments: 5374 - Multicast Extensions to the Security Architecture for the Internet Protocol
• Request for Comments: 5386 - Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
• Request for Comments: 5746 - Transport Layer Security (TLS) Renegotiation Indication Extension

You do not need to implement IPSec to encrypt your data transmissions between two machines. TLS & SSH allow you to encrypt transmissions on a per application basis. SUN's LDAP client can be configured to use TLS encryption so the logon credentials are sent encryped to/from the LDAP server. SSH allows a complete session to be encrypted between client and server. With IPSec, any application that transmits data between two endpoints is encrypted even if the application has no mechanism to do this normally. An example of this would be telnet.

If you do decide to use IPSec then do some research and decide if adding a crypto accelerator card to your machine is a good idea or not.