Internet Security, Datagram Transport Layer Security and Transport Layer Security

• Request for Comments: 3193 - Securing L2TP using IPsec
• Request for Comments: 3554 - On the Use of Stream Control Transmission Protocol (SCTP) with IPsec
• Request for Comments: 3948 - UDP Encapsulation of IPsec ESP Packets
• Request for Comments: 4301 - Security Architecture for the Internet Protocol
• Request for Comments: 4302 - IP Authentication Header
• Request for Comments: 4303 - IP Encapsulating Security Payload (ESP)
• Request for Comments: 4307 - Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
• Request for Comments: 4308 - Cryptographic Suites for IPsec
• Request for Comments: 4309 - Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
• Request for Comments: 4347 - Datagram Transport Layer Security
• Request for Comments: 4555 - IKEv2 Mobility and Multihoming Protocol (MOBIKE)
• Request for Comments: 4835 - Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
• Request for Comments: 4877 - Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture
• Request for Comments: 4945 - The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
• Request for Comments: 5077 - Transport Layer Security (TLS) Session Resumption without Server-Side State
• Request for Comments: 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
• Request for Comments: 5282 - Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
• Request for Comments: 5374 - Multicast Extensions to the Security Architecture for the Internet Protocol
• Request for Comments: 5386 - Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
• Request for Comments: 5746 - Transport Layer Security (TLS) Renegotiation Indication Extension
• Request for Comments: 5763 - Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)
• Request for Comments: 5764 - Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)
• Request for Comments: 5996 - Internet Key Exchange Protocol Version 2 (IKEv2)
• Request for Comments: 5998 - An Extension for EAP-Only Authentication in IKEv2
• Request for Comments: 6176 - Prohibiting Secure Sockets Layer (SSL) Version 2.0

You do not need to implement IPSec to encrypt your data transmissions between two machines. TLS & SSH allow you to encrypt transmissions on a per application basis. SUN's LDAP client can be configured to use TLS encryption so the logon credentials are sent encryped to/from the LDAP server. SSH allows a complete session to be encrypted between client and server. With IPSec, any application that transmits data between two endpoints is encrypted even if the application has no mechanism to do this normally. An example of this would be telnet.

If you do decide to use IPSec then do some research and decide if adding a crypto accelerator card to your machine is a good idea or not.