I've been dealing with this issue for about two weeks, and, unfortunately, you have two options, depending on the depth of control you need:
1) Direct manipulation with WMI. Counter-intuitively, this actually exposes LESS control than option #2 (which is what I am doing myself). This is all done through the Win32_NetworkAdapterConfiguration class. Here's a link to the question I asked about this, with my response to it awhile later after researching it:
http://stackoverflow.com/questions/1609882/methods-of-programatically-altering-ipsec-rules-with-c
This exposes less functionality because you can only control three things through IPsec for the adapters: TCP ports, UDP ports, IP Protocols. (You cannot deal with multiple policies, different subnet masks, etc.)
2) Wrapping netsh ipsec to do all your dirty work. This is the way to go, as powershell (which can be invoked through the PowerShell class in System.Management.Automation) is currently lacking a cmdlet to do IPSec changes.
http://stackoverflow.com/questions/1703205/is-there-a-cmdlet-in-powershell-2-to-handle-ipsec-changes
Wrapping netsh ipsec THROUGH a powershell pipeline called through System.Management.Automation.PowerShell is what I ended up doing.
Use either System.Diagnostics.Process to spawn and control a shell, or use the PowerShell class as mentioned above. Either should get the job done.
NOTE
If you switch to 2008 at some point, note that netsh ipsec is deprecated, and make sure to use netsh advfirewall instead.
Good luck!