VPN Basics: Site-to-site VPN and Remote-access VPN

Site-to-site VPN

A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations. An example of a company that needs a site-to-site VPN is a growing corporation with dozens of branch offices around the world.

In a site-to-site VPN, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway (for example, a Cisco ASA or Fortigate firewall). The VPN gateway is responsible for encapsulating and encrypting outbound traffic and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. Upon receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet towards the target host inside its private network.

There are two types of site-to-site VPNs:

    Intranet-based -- If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN.

    Extranet-based -- When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the process of placing an entire packet within another packet before it's transported over the Internet. That outer packet protects the contents from public view and ensures that the packet moves within a virtual tunnel. This layering of packets is called "encapsulation".

Computers or other network devices at both ends of the tunnel, called tunnel interfaces, can encapsulate outgoing packets and reopen incoming packets. The tunnel interfaces are configured using a tunneling protocol. The purpose of the tunneling protocol is to add a layer of security that protects each packet on its journey over the Internet: even if an attacker captured the packets in transit, they would not be able to read the contents.
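To make the encapsulate/encrypt/decrypt cycle the two gateways perform concrete, here is an added Python example (not from this post, and not how any real IPsec stack is written). It models a tunnel packet as an ESP-like header (SPI and sequence number), a per-packet nonce, the encrypted inner packet and an HMAC-SHA256 tag, so the receiving gateway can detect tampering and replays before it strips the header and relays the inner packet; the HMAC-counter keystream is a stand-in for a real AEAD cipher, and the shared key, SPI and packet contents are constructed values.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key shared by both tunnel endpoints. A real gateway gets
# its keys from a key-exchange protocol such as IKE, never from a constant.
TUNNEL_KEY = b"demo-shared-secret-between-gateways"
MAC_LEN = 32  # HMAC-SHA256 tag appended to every outer packet

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: HMAC-SHA256 run in counter mode over the nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encapsulate(inner_packet: bytes, spi: int, seq: int, key: bytes = TUNNEL_KEY) -> bytes:
    """Gateway egress: wrap the host's packet in a tunnel header, encrypt it, tag it."""
    header = struct.pack(">II", spi, seq)      # which tunnel, and anti-replay counter
    nonce = os.urandom(12)                      # fresh per packet so keystreams never repeat
    body = bytes(p ^ k for p, k in zip(inner_packet, _keystream(key, nonce, len(inner_packet))))
    tag = hmac.new(key, header + nonce + body, hashlib.sha256).digest()
    return header + nonce + body + tag

def decapsulate(outer_packet: bytes, last_seq: int, key: bytes = TUNNEL_KEY):
    """Peer gateway ingress: verify the tag, reject replays, then strip and decrypt.
    Returns (inner_packet, seq); raises ValueError on any failure."""
    header, nonce = outer_packet[:8], outer_packet[8:20]
    body, tag = outer_packet[20:-MAC_LEN], outer_packet[-MAC_LEN:]
    expected = hmac.new(key, header + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):      # check integrity BEFORE decrypting
        raise ValueError("integrity check failed: packet altered in transit")
    spi, seq = struct.unpack(">II", header)
    if seq <= last_seq:                             # replay window (simplified to strict ordering)
        raise ValueError("replayed or out-of-order packet dropped")
    inner = bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))
    return inner, seq

def is_rejected(outer_packet: bytes, last_seq: int) -> bool:
    """True when the receiving gateway drops the packet instead of relaying it."""
    try:
        decapsulate(outer_packet, last_seq)
        return False
    except ValueError:
        return True
```

Feeding `encapsulate` a constructed inner packet and inspecting the result shows the plaintext never appears on the wire, while `decapsulate` refuses both a bit-flipped packet and a replayed sequence number.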

Remote-access VPN

A remote-access VPN allows individual users to establish secure connections with a remote computer network. For example, travelers and users working remotely who need to access their company's network securely over the Internet can use a remote-access VPN. In a remote-access VPN, every host must have VPN client software (for example, Cisco AnyConnect).

Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the Internet to the VPN gateway at the edge of the target network. Upon receipt, that VPN gateway behaves as described above for site-to-site VPNs. If the target host inside the private network returns a response, the VPN gateway performs the reverse process to send an encrypted response back to the VPN client over the Internet.
