As you say, using one ASA and the central location would cause a single point of failure.
Having 3 L2L VPN connections would mean that the 2 locations would be able to communicate with each other even though one failed. (Naturally, this might be true in the other case too if the failed device/connection wasn't the central one.)
All of the environments where I work are using a separate central VPN device which handles the traffic between all the sites, BUT usually those sites are all only dependent on the central site anyway and have no real need to be in contact with each other.
In most cases the central site has redundant devices and connections though, so it's very rarely the case that the connections are ever totally down (in our setups that I'm referring to).