Site-to-site VPNs
A site-to-site VPN allows offices in multiple fixed locations to establish a secure connection with each other over a public network, as shown in the following topology, with a number of security measures bundled in. This makes the company's resources and data available to branch offices in other locations. For example, the server in the headquarters can be accessed securely by branch users:
The two sites, using their VPN edge devices, set up the IPsec VPN tunnel, which includes security parameters such as the encryption algorithm, hashing algorithm, and authentication. Once the tunnel is established, data from the head office LAN is sent through the secured tunnel to the branch office LAN.
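The parameter agreement described above, as an added example that is not part of the original text: a simplified Python model in which the tunnel comes up only if both edge devices hold a policy with identical parameters. The policy values, the Diffie-Hellman group field, and the list of algorithms treated as weak are assumptions made for illustration.

```python
# Added example: simplified model of policy matching between two VPN edge
# devices. All policy values below are constructed for illustration.
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    priority: int        # locally significant; lower number is offered first
    encryption: str      # e.g. "aes-256", "3des"
    hash_alg: str        # e.g. "sha256", "md5"
    authentication: str  # e.g. "pre-share", "rsa-sig"
    dh_group: int        # Diffie-Hellman group (assumed extra parameter)

# Assumed audit list: algorithms this example treats as too weak for new tunnels.
WEAK = {"encryption": {"des", "3des"}, "hash_alg": {"md5", "sha1"},
        "dh_group": {1, 2, 5}}

def params(p: Policy) -> tuple:
    """Everything except the local priority must match on both sides."""
    return p[1:]

def negotiate(initiator: list[Policy], responder: list[Policy]) -> Optional[Policy]:
    """Return the first initiator policy (by priority) the responder also holds."""
    accepted = {params(p) for p in responder}
    for offer in sorted(initiator, key=lambda p: p.priority):
        if params(offer) in accepted:
            return offer
    return None  # no common policy: the tunnel is not established

def weaknesses(p: Policy) -> list[str]:
    """List the parameters of a policy that appear in the WEAK audit list."""
    return [f"{field}={getattr(p, field)}" for field, bad in WEAK.items()
            if getattr(p, field) in bad]

# Constructed sample policies for a head office and three branch variants.
HQ = [Policy(10, "aes-256", "sha256", "rsa-sig", 14),
      Policy(20, "3des", "md5", "pre-share", 2)]   # legacy fallback left enabled
BRANCH_OK = [Policy(5, "aes-256", "sha256", "rsa-sig", 14)]
BRANCH_LEGACY = [Policy(5, "3des", "md5", "pre-share", 2)]
BRANCH_MISMATCH = [Policy(5, "aes-128", "sha256", "rsa-sig", 14)]

if __name__ == "__main__":
    for name, branch in [("ok", BRANCH_OK), ("legacy", BRANCH_LEGACY),
                         ("mismatch", BRANCH_MISMATCH)]:
        chosen = negotiate(HQ, branch)
        print(name, chosen, weaknesses(chosen) if chosen else "no tunnel")
```

The legacy case shows why unused fallback policies should be removed from an edge device: the tunnel still establishes, but with the weakest parameters both sides share.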
There are two types of site-to-site VPN:
- Internet-based: When a company has several branches located in different areas and wishes to join all of them into one private network, it can connect each LAN to a single WAN.
- Extranet-based: When a company has to work very closely with its partners, vendors, or customers, it can use an extranet VPN to build the LAN-to-LAN connection this requires. In this scenario, they can work securely: all the required data is accessible, while access to their internal network is prevented.