Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

site-to-site ASA 5500

Damir Reic
Level 1
Level 1

‎12-06-2012 12:24 AM

I have 3 sites which need to be connected with a site-to-site VPN tunnel and all internal networks between them should be routable.

Do i need 2 (i have single point of failure, if the "central" one dies i loose connectivity between all 3 sites) or 3 tunnels (each ASA is connected to another 2) ?

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎12-06-2012 12:39 AM

Hi,

As you say, using one ASA and the central location would cause a single point of failure.

Having 3 L2L VPN connection would mean that the 2 locations would be able to communicate with eachother even though one failed. (Naturally might be true in the other case too if the failed device/connection wasnt the central one)

All of the environments where I work are using a separate central VPN device which handles the traffic between all the sites BUT usually those sites are all only dependant on the central site anyway and have no real need to be in contact with eachother.

In most cases the central site has redundant devices and connections though so its very rarely the case that the connections are ever totally down (in our setups that I'm referring to)

- Jouni

0 Helpful
Customers Also Viewed These Support Documents