My company is looking at VPN options. Are there any benefits to using a site-to-site VPN over a traditional VPN...
Yes, there are benefits to using a site-to-site VPN over a traditional VPN client. Here are four of them.
First, a site-to-site VPN secures connections when you use it with IPsec. All traffic is encrypted as it begins the journey through the tunnel from one site to another. The site-to-site VPN tunnel shuts out hackers, viruses and malicious content from the sea of internet monsters. All traffic must be authenticated with a digital signature (digital certificate), which serves as its "ticket" to ride in the tunnel. To get that authentication, a public key infrastructure (PKI) must be deployed. Internet Key Exchange, which is usually associated with the IPsec protocol, is not as strong as the PKI.
Second, a site-to-site VPN is scalable. It is easy to add a new site or another office branch to the network. When you decide to relocate a remote office or site, it is nearly painless to set up the VPN at the new location. You won't need to have each of your 1,000 computers run VPN client software as if they were on a remote access VPN.
If you need to have greater scalability than a standard IPsec tunnel can offer, you can use dynamic multipoint VPN (DMVPN) technologies, such as Cisco's DMVPNs or Brocade's vRouter series. A DMVPN can create a secure network between two branch offices without having to route the traffic through the enterprise's network.
Third, a site-to-site VPN can be configured to lower latency in the network. You can combine IPsec with a bucket of protocols, such as multiprotocol label switching (MPLS). Standard IPsec doesn't provide support for multiprotocol and IP multicast traffic. Also, it's important to note that MPLS doesn't handle encryption.
Finally, a site-to-site VPN can be run as a managed service by a managed security service provider. This may be a less costly option for smaller companies that don't have the budget to invest in security products and the staff to manage them. Choose this option if you don't want to be bothered with the hassle of setting up a site-to-site VPN on your own.
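The certificate-authenticated IPsec tunnel from the first point and the "no client software on each computer" property from the second, written as a gateway configuration. This is an added example, not part of the original answer. It assumes strongSwan's swanctl.conf format (the answer names no IPsec product), and the addresses, host names and file names are placeholders.

```conf
# swanctl.conf on the head-office gateway (strongSwan). Constructed example:
# addresses are documentation ranges, names and file names are placeholders.
connections {
    hq-to-branch {
        version = 2                       # IKEv2 only
        local_addrs  = 192.0.2.1          # head-office gateway, public address
        remote_addrs = 198.51.100.1       # branch gateway, public address
        proposals = aes256gcm16-prfsha384-ecp384

        local {
            auth  = pubkey                # certificate authentication, not a pre-shared key
            certs = hq-gw.pem             # gateway certificate issued by the company CA
            id    = hq-gw.example.com
        }
        remote {
            auth    = pubkey
            id      = branch-gw.example.com
            cacerts = company-ca.pem      # accept only peers whose certificate chains to this CA
        }
        children {
            lan-to-lan {
                # Traffic selectors cover whole subnets, so hosts behind either
                # gateway are protected without running VPN client software.
                local_ts  = 10.1.0.0/16   # head-office LAN
                remote_ts = 10.2.0.0/16   # branch LAN
                esp_proposals = aes256gcm16-ecp384
                mode = tunnel
                start_action = trap       # negotiate the tunnel when matching traffic appears
            }
        }
    }
}
```

Adding another branch means adding one more connection block with that branch's gateway identity and subnet; nothing changes on the computers behind the gateways.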