A lot of people think IPSec is complicated.
It's actually pretty easy to implement and manage, and can bring extra ammunition to your defence in depth strategy to help protect critical systems, or to reduce the threat of malware or viruses.
The main reason customers I work with are shy to implement IPSec is because they feel that if they implement it incorrectly, they could cause an outage on their network by making systems inaccessible. We've released a "simple policy" update which mitigates against this. This update enables machines to fallback to not using IPSec in the event that your policy is wrongly configured, which in turn reduces the number of IPSec rules you need to implement.
More information is here - check it out.