Georges, good question .. there are various scenarios where L2 and L3 encryption architecture are implemented, indeed each one has advantanges and disadvantages over each other but each must be chosen based on WAN/MAN architectures.
It seems to me your client currently have ipsec tunnels in a hub and spoke setup, are the links private lease lines? or are the links regular internet links going via public network, if regular internet links Ipsec L3 encryption is the choice, private leased lines are the most common candidates for l2 encryption.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...