VPN protocols don't usually employ IPsec in the way that you're thinking. IPSec itself is the VPN protocol. Well, it's really more of a standard. Imagine that I said, "You have to transport this shipment in a motorized vehicle that can drive on highways." You could choose whatever you wanted like a car or truck as long as it meets those parameters. IPsec works the same way.
There are two parts to IPSec: one that governs how peers are authenticated and exchange key information (authentication header), and another that handles encryption (encapsulating security payload). As long an IPSec client can fulfill these functions and the peer it wants to talk to supports them too, it can choose whatever ciphers or key exchange methods it wants to use. For example, an IPSec client could choose to use 3DES, DES, or AES ciphers for its ESP.
That's why people say IPSec is a protocol "suite". It could possibly describe a mishmash of ciphers, hashing algorithms, and key exchange methods to accomplish the same thing.
IP Security (IPSec) provides a stable, long lasting base for providing network layer security.
www.ibm.com
P.S. IPsec is normally used for site-to-site VPN. That means you're trying to establish connectivity between two physical sites so that computers in each site can communicate. IPsec endpoints are usually hardware like routers or firewalls. This is in contrast to client VPNs, where a user connects to a site by means of some kind of application running on a computer.
