Site-to-site VPNs can connect businesses with multiple offices, facilitating safe file sharing. In this article, we'll explain how a site-to-site VPN works, how it differs from other kinds of VPN, and whether or not it's right for your business.
A site-to-site virtual private network (VPN) is a way to connect local area networks (LANs) in multiple locations across the public internet. It allows employees in different sites to securely share resources and information. This technology is often used by businesses or government agencies with multiple offices.
Site-to-site VPNs are essentially systems for creating secure wide area networks, or WANs. A WAN is any network of connected LANs, and most site-to-site VPNs are classed as WANs. Unlike other types of WAN, however, a site-to-site VPN connects multiple LANs with a secure VPN tunnel.
A site-to-site VPN works by connecting two or more LANs in multiple locations (two offices in two different cities, for example).
Imagine an office in City A, in which multiple employees are using a variety of devices: laptops, tablets, printers, and servers. The company has another office in City B, on the other side of the country, and wants devices in both sites to be able to communicate securely. They decide to set up a site-to-site VPN. What happens next?
The company sets up a VPN connection between gateways in both offices. In practical terms, these gateways will be internet routers set up to encrypt the data that passes through them. The gateway in the City A office is programmed to send data to the gateway in the City B office, and vice versa. When information is received at one of the gateways, it is decrypted and sent on to its intended recipient somewhere on the LAN.
Here is how this process looks in practice. An employee (let’s call them Joe) in the City A office wants to access information stored on a database in the City B office. Joe connects to the VPN gateway in City A and sends a request to the City B database. That request is encrypted as it travels between the offices before being decrypted and directed on to the City B database. The database sends the requested information back through the City B gateway. It travels via the encrypted tunnel to the City A gateway, where it is decrypted and passed to Joe’s device.
A site-to-site VPN is different from a remote access virtual private network. A remote access VPN is the most common type of consumer virtual private network, the kind you might use on your phone or laptop for personal day-to-day privacy.
Remote access VPNs use a client/server model. The client is an application installed on your device that routes your internet activity through a server and encrypts your data as it travels between client and server. This is an effective way to protect your privacy online, shield the IP addresses of your devices, and limit the threat of man-in-the-middle attacks.
Site-to-site VPNs don’t use a client/server model. The tunnel of encryption runs between the gateways at each site, so a user doesn’t need to have a client on their device as long as they send and receive information through their VPN gateway.
Remote access VPNs can be used for businesses and larger organizations as well, of course. Employees might use a client on their device to access a specific company server, for example, where files and other network resources are housed. Many enterprises use both remote access VPNs and site-to-site VPNs.
Site-to-site VPNs offer a range of benefits for organizations of all sizes.
Site-to-site VPNs have some limitations that might make them unsuitable for some businesses.
A VPN can enhance the online privacy and data security of most businesses. NordLayer, one of the most effective B2B VPN solutions available, offers a variety of options to businesses of all sizes. If you choose the NordLayer site-to-site VPN service, you can benefit from dedicated gateways for all of your LANs.
Even if you already have a networking solution — MPLS, for example — NordLayer can play a key role in your overall cybersecurity strategy. NordLayer also offers a client/server model, allowing organizations to securely share data and resources with workers both in and out of the office.
PRO TIP: If you're looking for a flexible security solution, try using a business-focused VPN, like NordLayer. These services can provide you with site-to-site systems, dedicated IPs, and secure client/server models for employees.
A site-to-site VPN keeps data private as it moves through the VPN tunnel. However, once that data moves beyond a gateway to the LAN on the other side, it is no longer protected by the site-to-site VPN.
There are two main types of site-to-site VPN.
An intranet site-to-site VPN links multiple sites through encrypted gateways. This is the model we discussed above, where a corporate network can be expanded to include multiple LANs.
An extranet site-to-site VPN links sites with a VPN connection but limits what each site can access. For example, if a company wanted to form a site-to-site VPN network with another organization to share resources for one specific project, they could use an extranet system. This would make only certain files and resources freely available to the other site.
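The gateway behavior described above, for both the intranet and the extranet model, can be sketched as a forwarding decision made at the City A gateway. This is an added example, not code from NordVPN or NordLayer; the addresses, peer names, and the decide function are constructed for illustration, and the sketch models only the routing and access decision, not the encryption itself.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# All addresses below are constructed sample values.
CITY_A_LAN = ipaddress.ip_network("10.1.0.0/24")

@dataclass(frozen=True)
class Peer:
    name: str
    gateway: str                       # public address of the remote gateway
    remote_lan: ipaddress.IPv4Network  # LAN behind that gateway
    # None  -> intranet: the whole remote LAN is reachable
    # tuple -> extranet: only these sub-ranges are reachable
    allowed: Optional[Tuple[ipaddress.IPv4Network, ...]] = None

PEERS = (
    Peer("city-b", "203.0.113.2", ipaddress.ip_network("10.2.0.0/24")),
    Peer("partner", "198.51.100.7", ipaddress.ip_network("10.9.0.0/24"),
         allowed=(ipaddress.ip_network("10.9.0.16/28"),)),
)

def decide(src: str, dst: str, local_lan=CITY_A_LAN, peers=PEERS):
    """Return (action, detail) for a packet arriving at the local gateway."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in local_lan:
        return ("drop", "source is not on the local LAN")
    if dst_ip in local_lan:
        # Traffic inside one LAN never enters the tunnel, so the VPN
        # gives it no protection.
        return ("local", "stays on the LAN, the VPN is not involved")
    for peer in peers:
        if dst_ip in peer.remote_lan:
            if peer.allowed is not None and not any(dst_ip in n for n in peer.allowed):
                return ("drop", f"{peer.name}: destination not shared over the extranet")
            return ("tunnel", peer.gateway)  # encrypted gateway to gateway
    return ("internet", "no tunnel covers this destination")

if __name__ == "__main__":
    # Joe's device (10.1.0.25) reaching several destinations.
    for dst in ("10.2.0.40", "10.9.0.20", "10.9.0.200", "10.1.0.9", "192.0.2.10"):
        print(dst, decide("10.1.0.25", dst))
```
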
VPN is a catch-all term for many different systems, including both site-to-site VPNs (used primarily as a corporate network solution) and remote access VPNs (often the choice of individual consumers).
Does a VPN slow down your internet? Yes, but a good VPN should reduce your speed by so little that it’s mostly imperceptible. With premium VPNs, the VPN passthrough is rapid enough that your internet experience won’t change for the worse.