Site-to-site VPNs connect entire networks to each other -- for example, connecting a branch office network to a...
company headquarters network. In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway. The VPN gateway is responsible for encapsulating and encrypting outbound traffic, sending it through a VPN tunnel over the internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content and relays the packet toward the target host inside its private network.
Remote-access VPNs connect individual hosts to private networks -- for example, travelers and teleworkers who need to access their company's network securely over the internet. In a remote-access VPN, every host must have VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the internet to the VPN gateway at the edge of the target network. Upon receipt, that VPN gateway behaves just like site-to-site VPNs. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the internet.
Remote-access VPN protocols
The most common secure tunneling protocol used in site-to-site VPNs is the IPsec Encapsulating Security Payload, an extension to the standard IP used by the internet and most corporate networks today. Most routers and firewalls now support IPsec, and it can be used as a VPN gateway for the private network behind them. Another site-to-site VPN protocol is MPLS -- although, MPLS does not provide encryption.
Remote-access VPN protocols are more varied, ranging from the Point-to-Point Tunneling Protocol to IPsec alone. These approaches require VPN client software on every host, as well as a VPN gateway that supports the same protocol and options or extensions for remote access.
An alternative to IPsec VPNs are Secure Sockets Layer (SSL) VPNs. These are often referred to as clientless in that they do not require the use of specialized software on the user's computer. In an SSL VPN, the user connects to the network through a web browser. Information is encrypted either with SSL or the Transport Layer Security protocol.
How to build an enterprise VPN
IPSec versus SSL: What are the risks?
Dig Deeper on IP Networking
Related Q&A from Lisa Phifer
Understanding the functions of a wireless access point vs. wireless router will help you deploy the right device for the right circumstance.continue reading
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.