I have read conflicting stories on IPSec. Some sources have stated that it can be used to carry any layer 3 routable protocol and some have said that it only carries TCP/IP traffic.
Can someone set me straight?
IPSec can be used to encrypt GRE tunnels to provide network layer security for non-IP traffic, such as Novell Internetwork Packet Exchange (IPX), AppleTalk, and so forth.
IPSec is a security model (and not a protocol) for OSI layer 3. From what I understand, IPSec was specifically designed for IP traffic only. However, any solution that allows other protocols to be tunneled within IP (such as L2TP) will also work with IPSec.
Parts of IPSec are defined across many RFCs, including RFCs 2085, 2104, 2401, 2402, 2403, 2404, 2405, 2406, 2407, 2410, 2411, and 2451.
everyone here is correct. IPSec is a security protocol for IP traffic ONLY. However, if another non-IP protocol is encapsulated inside of IP, IPSec can be used as the security protocol to secure the traffic.