IPSec (Internet Protocol Security) is a network protocol suite for building cryptographically protected tunnels. IPSec is used in virtual private networks (VPNs) to authenticate and encrypt data packets. Data flows between two hosts (host-to-host), unencrypted networks (site-to-site), or a network with a host (site-to-host) can be protected.
AH protocol (Authentication Header protocol)—reliable for data authentication and confirms that the delivered packet remained integrated during the transference. Currently, it is rarely used.
ESP protocol (Encapsulating Security Payload)—encrypts packets; even if the packet is intercepted, the packet content is inaccessible.
IPSec is the only VPN protocol that is standardized in RFC. That means IPSec has the best chance of working well with different endpoints/implementations. What's more, the software on the user or server systems does not need to be changed when IPSec is implemented in the firewall/router. From a business perspective, IPSec has one more advantage. It is already installed in the user system—this is beneficial when workers lack permission to install any software on their computers.