We have just released a white paper which explains in detail the plans for Network Access Protection (NAP) to enforce the security of IPSEC clients. NAP will be a very powerful part of Windows Vista and the corresponding server operating system (currently referred to as Longhorn Server), which will make it possible to automatically assess the security health state of a client before allowing it to connect to your internal network. Machines which fail the health assessment will remain isolated from your internal network.
NAP relies upon a number of different enforcement agents. As you can read in the white paper, the plan is for an agent for VPN, IPSEC, 802.1X and DHCP.
The white paper also provides a good summary of how IPSEC actually works right now on current versions of Microsoft Windows.