IPSec stands for  IPSecurity. It provides security services at the IP layer for other TCP/IP protocols and applications to use.

What this means is that IPSec provides the tools that devices on a TCP/IP network need in order to communicate securely.

When we have two terminals that wants to do secure communications() either hosts routers or the firewalls),then a secure path or route is set up between them that will cross the insecure systems on the move.

To accomplish this, they must perform (at least) the following tasks:

1. They must agree on a set of security protocols to use, so that each one sends data in a format the other can understand.
    
2. They must decide on a specific encryption algorithm to use in encoding data.
    
3. They must exchange keys that are used to unlock  data that has been cryptographically encoded.
    
4. After the background work is being finished the device will use the protocols, methods associated with it and the keys to encode the data that is in the network.

IPSec Implementation Methods

End Host Implementation

Putting IPSec into all host devices provides the most flexibility and security. It enables end to end security between any two devices on the network.

However, there are many hosts on a typical network, so this means far more work than just implementing IPSec in routers.

Router Implementation

This is a very easy and non tedious option as we only have to change the routers in place of changing the thousand of clients associated with it. It will provide security between the router pairs that have implemented the IPSec but this thing is irrelevant for the applications like VPN

The router is only responsible in terms of protection for that particular portion that lies outside of the organization , rest is unsecured in the network.