📖 What is Site-to-Site VPN?
A Site-to-Site VPN is a permanent encrypted connection between two separate networks, typically connecting a branch office to a central corporate headquarters. It uses a VPN gateway at each site to tunnel traffic securely over the public internet.
"Ensure you distinguish this from Remote Access VPNs. Site-to-Site is for office-to-office; Remote Access is for user-to-office."
📚 Certification: CompTIA Network+ Certification Exam (N10-009)
🔑 What are the Key Concepts of Site-to-Site VPN?
- ▸ IPsec is the primary protocol suite used, providing authentication, integrity, and confidentiality through encryption and tunneling mechanisms.
- ▸ VPN Gateways, such as firewalls or routers, manage the encryption process, making the connection transparent to the end-user devices.
- ▸ Tunneling encapsulates the original data packet inside a new IP packet, allowing private network traffic to traverse the public internet.
- ▸ These connections are typically 'always-on,' providing a permanent bridge between two fixed locations rather than a session-based user connection.
- ▸ Routing configurations, including static routes or BGP, are essential to direct traffic from the local subnet into the VPN tunnel.
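The concepts above, as they appear in a real gateway configuration. This is an added illustration, not material from the original page: a strongSwan `swanctl.conf` fragment for the headquarters gateway, where the public addresses, the two LAN subnets, the gateway identities and the pre-shared key are all assumed placeholder values.

```conf
# Assumed values (not from the page): HQ gateway 203.0.113.1 protects 10.1.0.0/24,
# branch gateway 198.51.100.1 protects 10.2.0.0/24. The branch side mirrors this.
connections {
    hq-to-branch {
        version      = 2                     # IKEv2 negotiates the IPsec tunnel
        local_addrs  = 203.0.113.1           # this VPN gateway's public address
        remote_addrs = 198.51.100.1          # peer VPN gateway's public address
        proposals    = aes256-sha256-x25519  # IKE: confidentiality + integrity
        dpd_delay    = 30s                   # dead-peer detection keeps it always-on
        local {
            auth = psk                       # gateway-to-gateway authentication
            id   = hq.example.com
        }
        remote {
            auth = psk
            id   = branch.example.com
        }
        children {
            lan-to-lan {
                mode          = tunnel       # encapsulates the whole LAN packet
                local_ts      = 10.1.0.0/24  # traffic selector: HQ subnet
                remote_ts     = 10.2.0.0/24  # traffic selector: branch subnet
                esp_proposals = aes256gcm16-x25519
                start_action  = start        # bring the tunnel up at daemon start
                dpd_action    = restart      # re-establish if the peer goes quiet
            }
        }
    }
}
secrets {
    ike-branch {
        id     = branch.example.com
        secret = "REPLACE-WITH-A-LONG-RANDOM-PSK"  # placeholder, never commit a real key
    }
}
```

End hosts on either LAN need no client software; the traffic selectors make the gateway route 10.1.0.0/24 to 10.2.0.0/24 traffic into the tunnel and hand everything else to the normal default route.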
🎯 How does Site-to-Site VPN appear on the N10-009 Exam?
You may be asked to recommend a connectivity solution for a company that needs to securely link a new branch office to the headquarters over the public internet while ensuring all traffic is encrypted.
A scenario might describe a need to connect two entire corporate subnets without requiring individual users to launch client software. You must distinguish this from a remote access VPN and select site-to-site.
Expect questions where you must identify the correct device for tunnel termination, such as a firewall or router, acting as the VPN gateway to handle encryption for the entire local network.
❓ Frequently Asked Questions
What is the main difference between a Site-to-Site VPN and a Remote Access VPN?
Site-to-Site connects two entire networks via hardware gateways, making it transparent to users. Remote Access connects a single device to a network using a software client, typically for remote workers.
Does a Site-to-Site VPN provide the same performance as a dedicated leased line?
No. Because it relies on the public internet, performance can vary. A leased line provides guaranteed bandwidth and lower latency, whereas a VPN is more cost-effective but subject to internet congestion.