Site-to-Site VPNs
Site-to-site VPNs (intranet VPNs) allow an organization to securely connect two or more remote sites (networks) together over the internet.
- aka router-to-router VPN
- configured to operate automatically
  - gateways exchange security information using whichever protocol the VPN is based on
  - establishes a trust relationship between the gateways
  - sets up a secure connection through which to tunnel data
- hosts at each site do not need to be configured with any information about the VPN
  - routing infrastructure at each site determines whether to deliver traffic locally or send it over the VPN tunnel
  - referred to as compulsory tunneling
- can be put in place:
  - permanently (static)
  - based on the data or client type (dynamic)
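Compulsory tunneling in miniature, as an added example (not from the original notes): a site gateway's routing table decides per destination whether a packet stays on the LAN, is encapsulated into the tunnel to a peer site, or leaves for the Internet untunnelled, while the sending host knows nothing about the VPN. All prefixes and peer names are constructed sample data.

```python
"""Constructed model of the routing decision a site-to-site VPN gateway makes.

Hosts send ordinary packets to their default gateway; the gateway's routing
table (not the host) decides whether a destination is delivered locally,
forwarded through an established tunnel to a peer site, or sent to the
Internet untunnelled. Prefixes and peer names are constructed sample data.
"""
from ipaddress import ip_address, ip_network

# Routing table of the gateway at site A (constructed example).
# Each entry: (prefix, next hop). "local" means deliver on the LAN,
# "tunnel:<peer>" means encapsulate into the VPN tunnel to that peer site.
SITE_A_ROUTES = [
    (ip_network("10.1.0.0/16"), "local"),
    (ip_network("10.2.0.0/16"), "tunnel:site-b"),
    (ip_network("10.3.0.0/16"), "tunnel:site-c"),
    # A more specific prefix overrides the /16 it falls inside (longest match).
    (ip_network("10.2.99.0/24"), "tunnel:site-c"),
]


def route(dst: str, routes=SITE_A_ROUTES) -> str:
    """Return the next hop for dst by longest-prefix match.

    Anything not covered by a site prefix falls through to the default
    route, i.e. it leaves via the Internet without entering any tunnel.
    """
    addr = ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best[1] if best else "internet"


def classify(dsts, routes=SITE_A_ROUTES) -> dict:
    """Group destinations by next hop, e.g. to audit which traffic a site
    would send in the clear versus inside a tunnel."""
    groups: dict = {}
    for dst in dsts:
        groups.setdefault(route(dst, routes), []).append(dst)
    return groups


if __name__ == "__main__":
    for dst in ["10.1.4.7", "10.2.5.1", "10.2.99.8", "10.3.0.9", "8.8.8.8"]:
        print(f"{dst:>12} -> {route(dst)}")
```

Running `classify` over a captured list of destinations is a quick way to spot traffic that a site expects to be tunnelled but that actually falls through to the default route.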

Info
- VPNs are not always established over the public Internet
  - a WAN service provider can implement VPNs via its network
    - provider can use VLAN-like technology to isolate a customer’s data from other traffic
    - common model for site-to-site VPNs
Info
- VPNs can be usefully deployed on local networks as a type of network segmentation
  - e.g., the department for product development might need to provide secure communications with SCADA workstations in an industrial internet of things (IIoT) segment