Site-to-Site VPN Access Explained with Examples

By | 9th November 2015

Types of VPN access:

Site-to-site VPNs and Remote-access VPNs

Site-to-Site VPNs

Site-to-site VPNs connect entire networks to each other, this means, site-to-site VPN can be used to  connect a branch or remote office network to a company headquarters network. Each site is equipped with a VPN gateway, such as a router, firewall, VPN concentrator, or security appliance.

In the figure below, a remote branch office uses a site-to-site-VPN to connect with the corporate head office.

A telecommuter hosts send and receive TCP/IP traffic through a VPN gateway, which could a router or a PIX firewall appliance.

The VPN gateway is responsible for encapsulating and encrypting all outbound traffic   from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.



                                                       Site-to-Site VPN

Types of VPN Access

To build a VPN, one device at each site needs to have hardware/software that understands a chosen set of VPN security standards and protocols.

The devices include the following:
Routers: In addition to packet forwarding, the router can provide VPN functions. The router can have specialized addon cards that help the router perform the encryption more quickly.
Adaptive Security Appliances (ASA): The Cisco leading security appliance that can be configured for many security functions, including acting as a VPN concentrator, supporting large numbers of VPN tunnels.
VPN client: For remote-access VPNs, the PC can be configured to do the VPN functions; the laptop needs software to do those functions, with that software being called a VPN client.
Finally, when comparing VPNs to other WAN technologies, VPNs have several advantages. For instance, consider a company with 1000 small retail locations. The company could create a private WAN using leased lines, or Frame Relay, Ethernet WAN, Multiprotocol Label Switching (MPLS), and so on. However, each branch could instead have an Internet connection and use VPN technology, usually saving money over the other WAN options.




Remote Access VPN

Site by Site VPN

Leave a Reply

Your email address will not be published. Required fields are marked *