I wonder if I can implement IPSec (L3 protocol) over L2 WAN technologies such as frame-relay or ATM?
The decision whether to use a dedicated link within the organization or to use routing over the Internet is a somewhat complex decision and there are many factors to be considered. Some of these factors include the difference in having a link where you have 100% of the resource or having a link where you share the resource with others.
Another consideration may be reliability and ease of troubleshooting. With a Frame Relay link if there is a problem it is easier to find and you know exactly who is responsible to fix it if there is a problem. With a link through the Internet it gets complex. I have a customer who uses Internet based VPNs to get to a number of remote locations. Recently there was a remote location that was down for hours and hours because some provider in the Internet was having problems in their network. It was very difficult to identify exactly what the problem was and even more difficult to determine who should have responsibility for it. In many cases an organization will consider factors such as this and determine that it is worth the larger expense to get something like Frame Relay.
So how much is it worth to your organization to increase the reliability and to have someone who is clearly accountable when there is a problem?