IPsec provides a high level of security for Internet traffic between each pair 
of communicating hosts. IPsec requires complex and strict restrictions on the 
parameters related to IPsec itself and the payload traffic. For example, IPsec 
does not allow changes to most of the bits of IP and IPsec datagrams during 
communication. IPsec has many parameters that the communicating hosts must 
negotiate and agree with each other.
As a result IPsec VPN is not often suitable for a network that has redundant 
routes. This paper proposes a design method for highly redundant VPN using IPsec 
and a dynamic routing protocol (RIP or OSPF). This method maintains the security 
of IPsec while providing reliability through dynamic routing over redundant 
routes. To construct this network, this method utilizes a layer 2 tunneling 
protocol L2TPv2. This network uses L2TP to carry a routing protocol such as RIP 
or OSPF to automatically configure the routes. Another advantage of  this method 
is that this method allows each communicating 
hosts to be behind a NAT (Network Address Translator) with each host assigned a 
private IP address by using the IPsec NAT-T (NAT-Traversal) standard. The method 
is general enough so that it is possible to configure a network by using  
existing routers and hosts. In other words, this network does not need any 
networking devices that have non-standard functions.