Site-to-Site VPN vs. Remote Access VPN: which one to use?



Hassle-free file sharing and secure networking are the cornerstones of most businesses’ daily operations, and remote access capabilities allow that. 

Let’s look into the two main types of business VPN implementations: remote access VPN and site-to-site VPN — the tech behind them and best use cases.

Networking 101

Before we get into the nuts and bolts of VPNs or Virtual Private Networks, let’s refresh our memory on the fundamental LAN and WAN connectivity principles.

A LAN, or Local Area Network, is a collection of devices connected in a single small-scale physical location. For example, all devices in your home connected to a single router constitute your home LAN.

A WAN is a combination of various LANs, allowing its users to connect devices across great distances. The internet can be considered the world’s largest WAN.

Some WANs are public, while others can be private, e.g., a business may purchase private lines to connect its office branches. This can be costly to set up, as physical fiber-optic cables would have to be routed. It’s a safe but not genuinely viable solution for most companies.

How does a VPN work?

A VPN, therefore, stands as a workaround that uses the public internet to extend a company’s WAN without the added cost of setting up physical cables.

Since the public internet is open to anyone, it can also be a source of cyber threats, so a VPN adds a safety layer with encryption. It scrambles the online traffic into unintelligible language, makes it harder for outsiders to access your internal network, and makes it easier to share data and other resources among your employees through secure channels.

However, there are several methods of setting up VPN channels in a business setting. Site-to-site VPNs and remote access VPNs are the most frequently used methods, but they’re best suited to different functions. Therefore, we will break down both site-to-site and remote access types for you.

What is a Site-to-site VPN?

Site-to-site VPN is an encrypted connection between two networks, which could look like several offices creating a shared network or connecting to a central hub that provides hosted resources in a business environment.

Let’s get back to our discussion about LANs and how they can extend private networks over the internet. Suppose you have two separate offices with two routers. What you would be doing is creating a permanent VPN connection between two sites, joining two different LANs into one network (which, in a sense, could also be called a WAN). As the name implies, this connection method is known as site-to-site VPN.

It’s beneficial if your enterprise has a lot of in-house resources. For example, one branch has an email server, another stores data, etc. With site-to-site, it’s possible to give every department access to each hosted resource independently of third-party providers.

There are two types of site-to-site connections: intranet-based and extranet-based.

Intranet-based Site-to-Site

Intranet-based site-to-site connections securely combine company LANs into a WAN. The setup functions as if all devices are in the same physical location. However, they could be miles apart.

It is useful when each particular site has something that needs to be accessed by the remaining branches. For instance, imagine that one site is producing the blueprints, another is manufacturing the products, and others are marketing and selling them. That way, each department can access the data it needs to coordinate its actions.

Extranet-based Site-to-Site

Extranet-based site-to-site VPNs are different from intranet-based VPNs because they share only some of the resources while keeping others private. In this setup, each site decides which resources it wants to share and with which branches.

This type of site-to-site VPN is helpful when coordinating actions with contractors or clients, when you want to share some of the data but keep your other client files and information concealed.
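The difference between the two site-to-site types can be checked mechanically. The following is an added example, not part of the original article: it compares the address ranges a tunnel actually exposes with the resources a site agreed to share, and reports any excess. The tunnel names, addresses and the "local"/"shared" fields are constructed for illustration.

```python
import ipaddress

def overexposed(local_selectors, shared_resources):
    """Address space a tunnel exposes beyond what the site agreed to share.

    An empty result means the tunnel grants no more than the shared resources.
    """
    leftover = [ipaddress.ip_network(n) for n in local_selectors]
    for shared in map(ipaddress.ip_network, shared_resources):
        remaining = []
        for net in leftover:
            if net.subnet_of(shared):
                continue                  # fully covered by a shared resource
            if shared.subnet_of(net):
                # carve the shared range out, keep the rest as unexplained
                remaining.extend(net.address_exclude(shared))
            else:
                remaining.append(net)     # disjoint from this shared range
        leftover = remaining
    return sorted(ipaddress.collapse_addresses(leftover))

# Constructed sample: one intranet tunnel and two extranet tunnels of a site
# whose LAN is 10.10.0.0/16 (hypothetical values, not from the article).
TUNNELS = [
    {"name": "branch-office", "kind": "intranet",
     "local": ["10.10.0.0/16"], "shared": ["10.10.0.0/16"]},
    {"name": "contractor", "kind": "extranet",
     "local": ["10.10.0.0/16"], "shared": ["10.10.5.10/32", "10.10.6.0/28"]},
    {"name": "client-portal", "kind": "extranet",
     "local": ["10.10.5.10/32"], "shared": ["10.10.5.10/32"]},
]

def audit(tunnels):
    """Map tunnel name -> number of exposed addresses that were never shared."""
    findings = {}
    for t in tunnels:
        extra = overexposed(t["local"], t["shared"])
        if extra:
            findings[t["name"]] = sum(n.num_addresses for n in extra)
    return findings

if __name__ == "__main__":
    for name, count in audit(TUNNELS).items():
        print(f"{name}: {count} addresses reachable beyond the shared resources")
```

Here the "contractor" tunnel is configured like an intranet link even though only one host and one small subnet were meant to be shared, so it is the one flagged.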

What is a Remote-Access VPN?

A remote access VPN connects individual users to specific host networks. This connection is temporary rather than permanent and is used by remote employees accessing files in the central hub.

In a remote access setting, every accessed host must have matching VPN software set up. When traffic leaves the user’s computer, the VPN software encrypts it before routing it through the internet, then decrypts it after it reaches the target. This process happens back and forth for the whole session.

It simulates the user being inside the company’s LAN without them needing to be on-premises. A remote access VPN requires either a NAS (Network Access Server) or a VPN gateway for authentication, so that only authorized connections are allowed.

Aside from business use cases, the same setup applies to most consumer VPN products. They work by providing numerous anonymized public gateways scattered around the world for a subscription fee to use their infrastructure.

Main differences between Site-to-Site VPN and Remote Access VPN

Both setups provide a means to access the information on your LAN. They allow users to connect remotely over the internet to the internal server to retrieve and upload sensitive data securely.

Let’s compare both methods side by side to illustrate their differences further.

[Figure: Site-to-Site VPN vs Remote Access VPN comparison]

When should you use a Site-to-Site VPN and a Remote Access VPN?

It’s important to know that IT admins can set up both site-to-site and remote access VPNs simultaneously. However, it can be more practical to pick only one implementation if you need it for a particular purpose.

Remote access VPNs are the go-to solution when allowing employees the flexibility to work from anywhere. Adding secure logins combined with inbound and outbound traffic encryption secures the company network. The whole deployment needed on the user’s end is usually just installing the VPN client itself or setting up a manual configuration with built-in capabilities.

Site-to-site VPN works best when deployed on-site, where every employee is sharing a great deal of data locally. It works best for corporations that have several offices and need to connect them to one locally held server bank. However, it also means that an employee could access it by going to the office.

How can NordLayer help? 

What we haven’t touched on until now are the downsides. Site-to-site VPN requires deployment that can take months to complete. It can also cost a great deal, as large corporations get the same pricing as small to medium enterprises.

While remote access VPN solutions are cheaper, you might quickly find out that these days only having a VPN doesn’t guarantee that your employees will remain safe. In this day and age, when data breaches are becoming more frequent, you need every bit of additional reassurance. Enter NordLayer.

NordLayer provides a secure access service edge that offers a hybrid of the site-to-site VPN and remote access approaches we discussed here. It also adds Zero Trust policy segmentation, minimizing the risk that allowing remote connections will backfire.

Consolidating SD-WAN and network point security technologies, NordLayer addresses modern business needs by providing a synthesis of flexibility and security. Its additional features contribute to the overall network’s health and safety when working remotely or in the office.


Senior Creative Copywriter

