Ian has posted about a University in Brazil that has successfully deployed IPsec based network isolation to a thousand desktops in only two days! Ian links directly to a case study article that explains how they went about the task of segmenting their network.
IPsec is an oft misunderstood technology due to it's complexity - there's a great deal of guidance available on the subject as I've blogged about many times - type in "ipsec" in the search field to the left hand side of my blog to find out more - click here to see for yourself. Of course you can browse to the main IPsec area of the Microsoft website too.
As mentioned in earlier posts you can take advantage of Security Configuration Wizard's ability to implement IPsec based signing and encryption - there's blogcast showing you how to do so - click here to view it.