Seems like you haven't even searched the net or done ANY effort to get into IP Sec, but.. lucky as you are, I'm a very nice person and am willing to give you some information you could have looked up yourself within 2 secs by searching the net.
To give a very global overview.
IPSec is there to encrypt your IP package, it can also encrypt your Headers, but thats dependant on your IPSec mode.
There is a Tunnel IPSec mode and a Transport IPSec mode
Transport encrypts only the payload while Tunnel also encrypts your headers (VPN's for example).
IPSEC can be configured through Group Policy or through IPSEC security snap in using mmc, or NETSH command.
you can set the server to " Server Request" for Servers and "Client Respond" for Clients this will ask for IPSEC if its not avaliable it wont use it, however if you set "Server Require" then it will not comunicate with client unless the desktop has client "Respond enabled".
This Basically enables transport mode IPSEC, so you can Encrypt traffic from Client to Server, this only works Locally, you will need to setup Tunnel mode in Routing and Remote access for Server to Server over WAN, or use Cisco PIX/ASA x 2 or whatever floats your boat.