Hi there,
both methods are used to tunnel IPSec through a device breaking IPSec otherwise. Those devices could be NAT, PAT or proxies. Now not every proxie might be able to handle UDP properly or allow it, so you might go for IPSec over TCP. The standard NAT-T used to pass through NAT/PAT is using UDP 4500 - not configurable.
So there are two components: the device you pass through and the device terminating IPSec. a combination of each capabilities will determine what to use.
Hope this helps.
Martin