
Site-to-site VPN vs. remote-access VPNs: What's the difference?

Learn the differences between site-to-site VPNs and remote-access VPNs and find out about the protocols, benefits and the data security methods used to support each approach.

When choosing between a site-to-site VPN and remote-access VPNs, enterprises must consider the role they want their remote-access connectivity technology to play.

Site-to-site VPNs connect entire networks to each other -- for example, connecting a branch office network to a company headquarters network. In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway.

The VPN gateway is responsible for encapsulating and encrypting outbound traffic, sending it through a VPN tunnel over the internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content and relays the packet toward the target host inside its private network.

By comparison, remote-access VPNs connect individual hosts to private networks -- for example, travelers, teleworkers and mobile users who need to access their company's internal network securely over the internet.

In a remote-access VPN, every host that remote users connect from must have VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the internet to the VPN gateway at the edge of the target network.

Upon receipt, that VPN gateway behaves just like a gateway in a site-to-site VPN. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the internet.
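The gateway behavior described above, as an added Ruby sketch that is not from the original article: the sending side checks the tunnel policy, seals the whole inner packet and addresses the result gateway-to-gateway, and the receiving side authenticates, decrypts and re-checks the inner addresses before forwarding. The class and field names, the newline-joined inner header, the sample addresses and the use of AES-256-GCM with a pre-shared key are all assumptions made for the illustration.

```ruby
require "openssl"
require "ipaddr"

# Constructed model of one VPN tunnel end; all names are illustrative. Real ESP
# also carries an SPI, sequence number and padding, and IKE negotiates the key.
Packet = Struct.new(:src, :dst, :payload)

class Gateway
  def initialize(public_ip:, peer_ip:, local_net:, peer_net:, key:)
    @public_ip, @peer_ip, @key = public_ip, peer_ip, key
    @local_net, @peer_net = IPAddr.new(local_net), IPAddr.new(peer_net)
  end

  # Seal the inner packet, addresses included, into an outer packet addressed
  # gateway-to-gateway. Traffic outside the tunnel policy is refused (nil).
  def encapsulate(pkt)
    return nil unless @local_net.include?(pkt.src) && @peer_net.include?(pkt.dst)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = @key
    iv = cipher.random_iv
    cipher.auth_data = ""
    sealed = cipher.update([pkt.src, pkt.dst, pkt.payload].join("\n")) + cipher.final
    Packet.new(@public_ip, @peer_ip, iv + cipher.auth_tag + sealed)
  end

  # Authenticate and decrypt, then re-check the inner addresses so a peer
  # cannot inject traffic for networks the tunnel does not cover.
  def decapsulate(outer)
    return nil unless outer.src == @peer_ip && outer.payload.bytesize > 28
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = @key
    cipher.iv = outer.payload.byteslice(0, 12)
    cipher.auth_tag = outer.payload.byteslice(12, 16)
    cipher.auth_data = ""
    plain = cipher.update(outer.payload.byteslice(28..)) + cipher.final
    src, dst, payload = plain.split("\n", 3)
    return nil unless payload && @peer_net.include?(src) && @local_net.include?(dst)
    Packet.new(src, dst, payload)
  rescue OpenSSL::Cipher::CipherError, IPAddr::Error
    nil # tampered ciphertext, wrong key or malformed inner header
  end
end

key = OpenSSL::Random.random_bytes(32) # constructed demo values from here on
branch = Gateway.new(public_ip: "203.0.113.1", peer_ip: "198.51.100.1",
                     local_net: "10.2.0.0/16", peer_net: "10.1.0.0/16", key: key)
hq = Gateway.new(public_ip: "198.51.100.1", peer_ip: "203.0.113.1",
                 local_net: "10.1.0.0/16", peer_net: "10.2.0.0/16", key: key)
outer = branch.encapsulate(Packet.new("10.2.0.7", "10.1.0.5", "GET /payroll"))
puts "wire: #{outer.src} -> #{outer.dst}", "delivered: #{hq.decapsulate(outer).to_a}"
```

In this model a remote-access client is the same class running on the user's own host, with `local_net` narrowed to that host's single address.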


Remote-access VPN security protocols

Security is an important factor in choosing between a site-to-site VPN and remote-access VPNs. The most common secure tunneling protocol used in site-to-site VPNs is the IPsec Encapsulating Security Payload, an extension to the standard Internet Protocol used by the internet and most corporate networks today. Most routers and firewalls now support IPsec and can be used as a VPN gateway for the private network behind them. Another site-to-site VPN protocol is MPLS, although MPLS does not provide encryption.

Remote-access VPN configuration protocols are more varied, ranging from the Point-to-Point Tunneling Protocol to IPsec alone. These approaches require VPN client software on every host, as well as a VPN gateway that supports the same protocol and options or extensions to provide access to remote users.

An alternative to IPsec VPNs is the Secure Sockets Layer (SSL) VPN. These are often referred to as clientless in that they do not require the use of specialized software on the user's computer. In an SSL VPN, the remote user connects to the network through a web browser. Information is encrypted either with SSL or the Transport Layer Security protocol.

Benefits of site-to-site VPNs

Site-to-site VPNs connect individual networks to each other, so they are well-suited for organizations with multiple locations. Information can be sent securely through site-to-site VPNs, and they can also handle mission-critical traffic, such as VoIP communications, that requires low latency and good quality of service.

Site-to-site VPNs also offload encryption and processing overheads from host PCs or devices to a separate security or router component. Additionally, they reduce the need for users to constantly log in or log out of a VPN connection.

Benefits of remote-access VPNs

Remote-access VPNs enable remote users to connect to the corporate network from any location, which makes them beneficial for enterprises with employees and customers who are highly mobile. Data transmitted through remote-access VPNs is encrypted, which means remote users can take advantage of public Wi-Fi connections or other networks where traffic isn't generally secured.


This was last published in December 2018
