What Are Site-to-Site VPNs?
Site-to-site VPNs securely connect entire organisation networks together; e.g. site-to-site VPNs can be used to connect a branch or remote office network to a company headquarters network. They allow multiple locations to securely connect to each other over the internet, creating a virtual network that spans different physical sites.
This type of VPN is commonly used by businesses with multiple offices or branches that need to communicate and share data in a secure and private manner.
Each site is equipped with a VPN gateway, such as a router, firewall, VPN concentrator, or security appliance.
In the figure below, a remote branch office uses a site-to-site VPN to connect with the corporate head office.
Telecommuter hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router or a PIX firewall appliance.
The VPN gateway is responsible for encapsulating and encrypting all outbound traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
Site-to-Site VPN
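The gateway behaviour described above, sketched in Python as an added example (it is not from the original article or from any vendor's code). The addresses, subnets, keys, simplified text headers and the HMAC-based stand-in cipher are assumptions chosen so the sketch runs with the standard library only; real gateways use protocols such as IPsec with vetted ciphers.

```python
import hashlib, hmac, ipaddress, os

# Constructed sample topology (assumed values, not from the article).
BRANCH_GW, HQ_GW = "198.51.100.10", "203.0.113.20"
BRANCH_LAN = ipaddress.ip_network("10.2.0.0/24")
HQ_LAN = ipaddress.ip_network("10.1.0.0/16")

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher for illustration: HMAC-SHA256 in counter mode.
    # A production gateway uses a vetted AEAD such as AES-GCM.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def encapsulate(keys, local_gw, peer_gw, peer_lan, src, dst, payload):
    """Sending gateway: tunnel only traffic addressed to the peer site's LAN."""
    if ipaddress.ip_address(dst) not in peer_lan:
        return None  # not for the peer site, so it never enters the tunnel
    inner = f"{src}>{dst}|".encode() + payload   # original header + data
    nonce = os.urandom(12)
    outer = f"{local_gw}>{peer_gw}|".encode()    # only gateway addresses are visible
    body = outer + nonce + _xor_stream(keys[0], nonce, inner)
    return body + _mac(keys[1], body)            # encrypt-then-MAC

def decapsulate(keys, local_lan, peer_lan, packet):
    """Receiving gateway: verify, strip the outer header, decrypt, policy-check."""
    body, tag = packet[:-32], packet[-32:]
    if not hmac.compare_digest(tag, _mac(keys[1], body)):
        raise ValueError("integrity check failed")
    _outer, rest = body.split(b"|", 1)
    inner = _xor_stream(keys[0], rest[:12], rest[12:])
    header, payload = inner.split(b"|", 1)
    src, dst = header.decode().split(">")
    # Inner addresses must match the tunnel's two sites, or the packet is dropped.
    if (ipaddress.ip_address(src) not in peer_lan
            or ipaddress.ip_address(dst) not in local_lan):
        raise ValueError("inner addresses outside tunnel policy")
    return src, dst, payload

if __name__ == "__main__":
    keys = (os.urandom(32), os.urandom(32))  # constructed keys, assumed pre-shared
    pkt = encapsulate(keys, BRANCH_GW, HQ_GW, HQ_LAN,
                      "10.2.0.15", "10.1.4.7", b"GET /payroll")
    print(pkt[:27], decapsulate(keys, HQ_LAN, BRANCH_LAN, pkt))
```

An observer on the Internet path sees only the two gateway addresses in the outer header; the inner host addresses and data are recovered only by the peer gateway, which rejects packets that fail the integrity check or carry inner addresses outside the two sites' subnets.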
There are two types of site-to-site VPN: Intranet and Extranet VPN.
Intranet VPN: This is a type of site-to-site VPN that connects all the computer/networking devices at two sites of the same organization, usually using one VPN device at each site. Intranet VPNs are commonly used by organizations to securely connect their different office locations and allow for seamless communication and data sharing between teams. This type of VPN ensures that all data transmitted between the sites remains encrypted and private, providing a high level of security for internal communication.
Extranet VPN: This is a type of site-to-site VPN that connects all the computer/networking devices of two different but partnering organizations, usually using one VPN device at each site. Extranet VPNs are commonly used by businesses that need to securely share information and resources with external partners, suppliers, or customers. By establishing a secure connection between the two organizations, extranet VPNs allow for seamless collaboration and data exchange while maintaining strict security measures. This type of VPN is essential for organizations that require a high level of confidentiality and data protection in their communications with external parties.
To build a VPN, one device at each site needs to have hardware/software that understands a chosen set of VPN security standards and protocols.
The devices include the following:
Routers: In addition to packet forwarding, the router can provide VPN functions. The router can have specialized add-on cards that help the router perform the encryption more quickly.
Adaptive Security Appliances (ASA): Cisco's leading security appliance, which can be configured for many security functions, including acting as a VPN concentrator and supporting large numbers of VPN tunnels.
VPN client: For remote-access VPNs, the PC or laptop itself can be configured to do the VPN functions; it needs software to do those functions, and that software is called a VPN client.
Generally, when comparing VPNs to other WAN technologies, VPNs have several advantages. For instance, consider an organization with more than 500 small retail locations. The organization could create a private WAN using leased lines, Frame Relay, Ethernet WAN, Multiprotocol Label Switching (MPLS), and so on. However, each branch could instead have an Internet connection and use VPN technology, usually saving money over the other WAN options.