Appendix E. More about VPN

Table of Contents
VPN protocols
VPN interoperability
VPN connections
VPN clients with Ingate Firewall

VPN protocols

IPSec

IPSec (Internet Protocol Security) handles authentication and encryption of data packets. Authentication is the process of making sure that the message you receive really originates from the right sender, and that it hasn't been corrupted during transmission. Authentication also protects against replay, that is, resending of previously captured packets. Encryption is the process of transforming data so that only the intended receiver can read the message.

A thorough description of IPSec can be found in RFC 2401.

IKE (ISAKMP)

IKE is a protocol for handling key exchanges between peers. IKE is an adaptation of the general key exchange protocol ISAKMP for use with IPSec. Thorough descriptions of ISAKMP and IKE can be found in RFC 2408 and RFC 2409, respectively.

The key exchange has two phases: first, a secure channel for key management is created, and second, the peers exchange parameters for IPSec. The result is an SA (Security Association).

Phase one is performed in either Main Mode or Aggressive Mode. Aggressive Mode is slightly faster, but will reveal the identities of the parties involved. Main Mode requires more traffic during the connection phase, but the identities of both parties will remain concealed. Both modes generate the same level of secure encryption of the message. Ingate Firewall always uses Main Mode.
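
The difference between the two phase one modes can be checked on captured traffic. The following is an added example, not part of the original manual or of Ingate's software: it parses the ISAKMP header (RFC 2408) of a message, reports the exchange mode, and tells whether an ID payload is readable in clear text. The function names and the sample messages are constructed for illustration.

```python
import struct

# Numbers from RFC 2408 (header layout, payload types) and RFC 2409 (Quick Mode).
EXCHANGE = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
FLAG_ENCRYPTED = 0x01
# initiator cookie, responder cookie, next payload, version, exchange, flags, msg id, length
HDR = struct.Struct("!8s8sBBBBII")


def inspect(msg: bytes) -> dict:
    """Parse one ISAKMP message and list the payloads readable on the wire."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _, _, nxt, _, xchg, flags, _, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length does not match message size")
    encrypted = bool(flags & FLAG_ENCRYPTED)
    seen, off = [], HDR.size
    # The payload chain can only be walked when the body is not encrypted.
    while not encrypted and nxt != 0:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        seen.append(PAYLOAD.get(nxt, str(nxt)))
        nxt, off = following, off + plen
    return {"mode": EXCHANGE.get(xchg, f"type {xchg}"), "encrypted": encrypted,
            "payloads": seen, "identity_in_clear": "ID" in seen}


def build(xchg: int, flags: int, payloads: list) -> bytes:
    """Construct an unencrypted sample message (test data, dummy payload bodies)."""
    types = [t for t, _ in payloads] + [0]
    body = b""
    for i, (_, data) in enumerate(payloads):
        body += struct.pack("!BBH", types[i + 1], 0, 4 + len(data)) + data
    return HDR.pack(b"I" * 8, b"\0" * 8, types[0], 0x10, xchg, flags, 0,
                    HDR.size + len(body)) + body


# Constructed samples: Aggressive Mode message 1, Main Mode messages 1 and 5.
AGGRESSIVE_1 = build(4, 0, [(1, b"sa"), (4, b"ke"), (10, b"nonce"), (5, b"peer@example.test")])
MAIN_1 = build(2, 0, [(1, b"sa")])
# Main Mode message 5: the ID payload is inside the ciphertext (opaque filler here).
MAIN_5 = HDR.pack(b"I" * 8, b"R" * 8, 5, 0x10, 2, FLAG_ENCRYPTED, 0, HDR.size + 32) + b"\xaa" * 32

if __name__ == "__main__":
    for name, m in (("aggressive 1", AGGRESSIVE_1), ("main 1", MAIN_1), ("main 5", MAIN_5)):
        print(name, inspect(m))
```

In the Aggressive Mode sample the ID payload is sent before any encryption is in place, while in Main Mode the identity only travels in the encrypted fifth and sixth messages.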