Many organizations have multiple physical sites, each with its own corporate local area network (LAN). While geographically separated, these sites need a single corporate WAN to support secure cross-site communication.
A site-to-site Virtual Private Network (VPN) provides this by creating an encrypted link between VPN gateways located at each of these sites. A site-to-site VPN tunnel encrypts traffic at one end and sends it over the public Internet to the other site, where it is decrypted and routed on to its destination.
Many organizations use site-to-site VPNs because they provide a number of benefits to enterprises and their employees, such as:
Site-to-site VPNs are effective at providing secure connectivity between multiple business sites. However, they are not a perfect solution and have their limitations, such as:
Implementing site-to-site connections is not the only application of a VPN. Another common application of VPN technology is providing secure network access to remote users.
In this scenario, the remote user runs a VPN client that connects to a VPN gateway within the enterprise network (the same as one end of a site-to-site VPN tunnel). As with site-to-site VPNs, a remote access VPN provides data encryption for traffic flowing over the public Internet between the remote user and the corporate network. This has the benefits of protecting confidentiality, providing a user experience similar to being directly connected to the corporate LAN, and ensuring that all business traffic flows through the corporate network for security inspection before being permitted to continue on to its destination.
Site-to-site VPNs were designed for a time when the majority of a company’s employees and IT infrastructure were located at these physical sites. With the move to cloud computing and remote work, companies require a networking solution that is not so tied to physical sites. Secure Access Service Edge (SASE) replaces VPN endpoints with cloud-based SASE appliances. Each of these SASE nodes includes an integrated security stack and SD-WAN functionality, enabling traffic to be optimally routed between nodes. Additionally, SASE integrates software-defined perimeter (SDP) capabilities, enabling organizations to easily and effectively implement zero trust network access.