The IPSec pieces - SA

SAs (Security Associations)

Provides rules that say what to do with packets
Map a connection (src:port dest:port) to IPSec settings, such as 

Authentication method
Crypto key
Crypto algorithm
Sequence number

SAs usually negotiated via IKE exchanges.