What is a VPN on site?

When connecting branches to the main branch for use, not all companies need the range of functions of a VPN client. The VPNs of the site-2 are a good alternative here and are at least equally safe. Here you can find out how the VPNs of the site on site work and what to differ from the standard VPNs.

1. What is a VPN on site and how is it different from a «normal» VPN?

With a VPN at 2 sites of the site, offices in different (fixed) positions can create safe connections through a public network. To do this, the complete networks are connected to each other through an OpenVPN tunnel. Tunnel Endpoint can be, for example, a router, gateway, Windows Server or a software client. The VPN of the site-2 is therefore a sort of expansion of the corporate network, which guarantees the employee of the various locations, accesses the resources of one or more other locations.

A basic distinction is made between two types of VPN from site to site:

• TO VPN Site-2-Site based on Intranet If the company has one or more remote offices (with separate LAN), which are connected through a single private network (WAN).
• In one VPN site-2 site-2 extranet On the other hand, LANs are connected to each other by several companies. In this way, these can interact in a safe and common network environment and at the same time prevent access to their intranet.

The hosts inside the VPN site at 2 sites do not use client software, but send and receive normal TCP/IP traffic through a so -called Gateway VPN. This also deals with the capsule and encryption of external data traffic.

Explanation: AS’Capsule“In information technology, the stratification of the packages is mentioned in information technology.

So traffic via the VPN tunnel is sent via the network to an associated target gateway that The header has decrypted and the content of the package forwards to the destination host within the private network. All transferred information must be authenticated (with a digital signature or a digital certificate).

2. S2S-VPN tax: no additional configuration required

The VPN of the site on site are scalable, which means that the connections are invisible and guided through the central network without additional configuration. Therefore, it is practically easy enough to add a new branch or a new office to an existing network. Everything that must be released in the rules of the firewall for the WAN interface must be released only.

The most frequently used tunneling protocol in the VPNs of the site on site is IPSEC ESP (encapsulating the safety load). This is a «perforated» version of the IP protocol, which can also be found on the Internet and in most modern corporate networks. Alternatively, MPLS (switching of the multi-professional label) can also be used, which however does not offer encryption.

For remote access, PPTP (Point to Point Tunneling Protocol) or L2TP (level 2 tuning protocol) is used via IPSEC, which is also much safer than PPTP. In recent years, however, alternative solutions have increasingly established themselves on the basis of SSL. These use the web browser as VPN client, but usually still require additional components (e.g. Applet Java).

Further information on the DNS inolter within the VPNs of the site on site are available here.

Good to know: You can also buy VPN of the site-2 as a service and manage external specialists. This variant is particularly interesting for small and medium size that can/would be able to provide limited funds only as regards the staff and costs of the product or simply do not want to manage the administration of a VPN in general.

Some VPN types are also presented in the following video:

https://www.youtube.com/watch?v=uagbcoc-7a

(60 votes, media: 4.10 out of 5)

Loading …