Yes, you can use a certificate provided by your internal certificate server. However, both SQL Server and the clients will have to trust the root CA. Of course, this should go without saying. Yes, IPSec, especially when combined with AD, can be used for secure communications.

The simplest solution for most folks is going to be the SSL solution. We actually have such a solution in place in one of our configs, but we are using a VeriSign issued certificate.