Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How do site-to-site VPN configuration and remote-access VPNs vary?

Learn the difference between a site-to-site VPN and a remote-access VPN, as well as the protocols used for each one.

Site-to-site VPNs connect entire networks to each other -- for example, connecting a branch office network to a...

company headquarters network. In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway. The VPN gateway is responsible for encapsulating and encrypting outbound traffic, sending it through a VPN tunnel over the internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content and relays the packet toward the target host inside its private network.

Remote-access VPNs connect individual hosts to private networks -- for example, travelers and teleworkers who need to access their company's network securely over the internet. In a remote-access VPN, every host must have VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the internet to the VPN gateway at the edge of the target network. Upon receipt, that VPN gateway behaves just like site-to-site VPNs. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the internet.

IPSec vs. SSL VPNs
IPSec vs. SSL VPNs

Remote-access VPN protocols

The most common secure tunneling protocol used in site-to-site VPNs is the IPsec Encapsulating Security Payload, an extension to the standard IP used by the internet and most corporate networks today. Most routers and firewalls now support IPsec, and it can be used as a VPN gateway for the private network behind them. Another site-to-site VPN protocol is MPLS -- although, MPLS does not provide encryption.

Remote-access VPN protocols are more varied, ranging from the Point-to-Point Tunneling Protocol to IPsec alone. These approaches require VPN client software on every host, as well as a VPN gateway that supports the same protocol and options or extensions for remote access.

An alternative to IPsec VPNs are Secure Sockets Layer (SSL) VPNs. These are often referred to as clientless in that they do not require the use of specialized software on the user's computer. In an SSL VPN, the user connects to the network through a web browser. Information is encrypted either with SSL or the Transport Layer Security protocol.

Next Steps

How to build an enterprise VPN

IPSec versus SSL: What are the risks?

This was last published in October 2016

Dig Deeper on IP Networking

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What are your concerns about using SSL VPNs?