IPSec policies are stored and available for domain-wide access. When you create an IPSec policy in one GPO, you can edit other GPOs in a site, domain, or OU and assign the IPSec policy within those GPOs as well.
Within Active Directory domains and on local computers, there are three default IPSec policies:
Server (Request Security). Any server processing this policy will request secure communications from all clients. Secure communications will not be required, however, if a client does not support it. For example, Windows NT 4.0 clients are not IPSec-aware and cannot support IPSec.
Client (Respond Only). Any client processing this policy will communicate unsecured normally ...