NIST has published Special Publication 800-77 Revision 1, "Guide to IPsec VPNs"
Internet Protocol Security (IPsec) is a network layer security control used to protect communications over public networks, encrypt IP traffic between hosts, and create virtual private networks (VPNs). A VPN provides a secure communication mechanism for data and control information between computers or networks, and the Internet Key Exchange (IKE) protocol is most commonly used to establish IPsec-based VPNs.
Since the original publication of NIST Special Publication (SP) 800-77 in 2005, IPsec and IKE protocols have been enhanced, and much operational experience has been gained from the security solutions deployed.
This revision, SP 800-77 Revision 1, contains new security and cryptographic recommendations and requirements with a focus on how IPsec provides network layer security services. The document also describes how organizations can implement IPsec, IKE, and their alternatives under varying circumstances.