Site-to-Site VPN
What is Site-to-Site VPN?
A persistent encrypted tunnel between two networks — typically branch offices, data centers, or cloud VPCs — that lets hosts on each side reach each other transparently.
A site-to-site VPN connects two routed networks through gateways that build a cryptographic tunnel across an untrusted network, so endpoints behind them communicate as if directly linked. Implementations are most often IPsec (IKEv2) in tunnel mode, sometimes complemented by GRE or modern alternatives like WireGuard. Configuration involves matching cryptographic suites, defining traffic selectors (which subnets are tunneled), and exchanging pre-shared keys or certificates. Site-to-site VPNs are heavily used for hybrid-cloud connectivity, branch-to-headquarters links, and disaster recovery, often paired with dynamic routing protocols such as BGP for failover.
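The definition says a tunnel only comes up once both gateways agree on a cryptographic suite and on which subnets are tunneled. The script below is an added example (not code from this glossary or from any VPN product): it models that agreement check in Python, picking the first IKE/ESP proposal both peers accept in the initiator's preference order, narrowing the two sides' traffic selectors to their overlap the way IKEv2 does, and flagging deprecated algorithms a defender would refuse. The proposal naming (`enc-integ-dh`), the weak-algorithm list, and the gateway subnets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Algorithm names a defender should refuse in a new tunnel (assumed policy list).
WEAK_ALGS = {"des", "3des", "md5", "sha1", "modp768", "modp1024", "null"}


@dataclass
class Peer:
    """One gateway's tunnel configuration (constructed sample values)."""
    name: str
    ike_proposals: list   # IKE SA proposals, most preferred first
    esp_proposals: list   # Child (ESP) SA proposals, most preferred first
    local_ts: str         # subnet behind this gateway
    remote_ts: str        # subnet expected behind the peer


def is_weak(proposal):
    """True if any component of an 'enc-integ-dh' proposal is on the weak list."""
    return any(part in WEAK_ALGS for part in proposal.lower().split("-"))


def negotiate(offered, accepted):
    """First proposal in the initiator's order that the responder also lists,
    or None.  IKEv2 lets the responder choose among the initiator's offers;
    this model has the responder honour the initiator's preference order."""
    wanted = {p.lower() for p in accepted}
    return next((p for p in offered if p.lower() in wanted), None)


def narrow(ts_a, ts_b):
    """Intersection of two CIDR traffic selectors (IKEv2 narrowing), or None
    when they are disjoint.  Two CIDR blocks either nest or do not overlap,
    so the intersection is simply the more specific of the two."""
    a, b = ipaddress.ip_network(ts_a), ipaddress.ip_network(ts_b)
    if not a.overlaps(b):
        return None
    return a if a.prefixlen >= b.prefixlen else b


def bring_up(initiator, responder):
    """Check everything that must match for the tunnel to come up; return a report."""
    report = {"up": False, "problems": [], "warnings": []}
    ike = negotiate(initiator.ike_proposals, responder.ike_proposals)
    esp = negotiate(initiator.esp_proposals, responder.esp_proposals)
    if ike is None:
        report["problems"].append("no common IKE proposal")
    if esp is None:
        report["problems"].append("no common ESP proposal")
    # The initiator's local subnet must fit the responder's idea of the remote
    # side, and vice versa; each direction is narrowed separately.
    ts_i = narrow(initiator.local_ts, responder.remote_ts)
    ts_r = narrow(initiator.remote_ts, responder.local_ts)
    if ts_i is None or ts_r is None:
        report["problems"].append("traffic selectors do not overlap")
    for chosen in (ike, esp):
        if chosen and is_weak(chosen):
            report["warnings"].append(f"weak proposal selected: {chosen}")
    if not report["problems"]:
        report.update(up=True, ike=ike, esp=esp, tunnel=(str(ts_i), str(ts_r)))
    return report


# Constructed sample gateways: headquarters initiates, a branch responds.
HQ = Peer("hq", ["aes256gcm16-prfsha384-x25519", "aes128-sha256-modp2048"],
          ["aes256gcm16-x25519", "aes128-sha256-modp2048"],
          "10.0.0.0/16", "10.1.0.0/16")
BRANCH = Peer("branch", ["aes256gcm16-prfsha384-x25519"], ["aes256gcm16-x25519"],
              "10.1.0.0/24", "10.0.0.0/16")   # branch exposes only one /24
# A legacy peer that offers nothing but deprecated algorithms.
LEGACY = Peer("legacy", ["aes128-sha1-modp1024"], ["aes128-sha1-modp1024"],
              "10.1.0.0/24", "10.0.0.0/16")

if __name__ == "__main__":
    print(bring_up(HQ, BRANCH))   # comes up, narrowed to the branch /24
    print(bring_up(HQ, LEGACY))   # stays down: no common proposal
```

The report is the kind of thing to surface when a tunnel refuses to establish: the two failure modes it distinguishes (proposal mismatch and non-overlapping selectors) are the usual causes, and the warning shows why a mutually acceptable proposal is not automatically a safe one.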
● Examples
- An IPsec tunnel linking an on-premises data center to an AWS VPC for hybrid workloads.
- Multiple branch offices linked to headquarters via IKEv2 tunnels with BGP failover.
● Frequently asked questions
What is Site-to-Site VPN?
A persistent encrypted tunnel between two networks — typically branch offices, data centers, or cloud VPCs — that lets hosts on each side reach each other transparently. It belongs to the Network Security category of cybersecurity.
What does Site-to-Site VPN mean?
A persistent encrypted tunnel between two networks — typically branch offices, data centers, or cloud VPCs — that lets hosts on each side reach each other transparently.
How do you secure a Site-to-Site VPN?
Securing a Site-to-Site VPN combines technical controls (matching cryptographic suites on both gateways, tightly defined traffic selectors, and authentication by pre-shared keys or certificates) with operational practices such as BGP-based failover, as described in the full definition above.
What are other names for Site-to-Site VPN?
Common alternative names include: Gateway-to-gateway VPN, Network-to-network VPN.