Managed IT

What Is a Site-to-Site VPN?

A site-to-site VPN keeps data being sent between two networks encrypted and safe - without the users on those networks having to use client apps or encrypt the data themselves. Learn how S2S VPNs work and if one might be right for you here.

Blog Post

11 minute read

Jan 11, 2024

The Channel Tunnel, an undersea tunnel connecting England to France, can be used to send resources from an office in Paris to one in London. Much like this tunnel, site-to-site virtual private networks (VPN) are used to transmit encrypted information safely from one site to another.

A VPN is a setup where a safe and seemingly private network is established by encrypting data over a public network, usually the Internet. Site-to-site VPN (also sometimes written as S2S) is a specific type of VPN that keeps data encrypted between two networks without needing credentials or client apps on devices using it.

Site-to-site VPN is an important tool for many organizations worldwide. Businesses use it to connect two or more locations. For example, a site-to-site VPN would allow a company’s headquarters in Lake Forest, IL to connect to a smaller branch in Los Angeles, CA.  

Due to the rise of remote work and eLearning, businesses take advantage of this tech to share information securely. The VPN services market is expected to reach $92.6 billion by 2027, according to Grand View Research.

Managed IT services can include the setup and management of VPNs. To explore the benefits for your company, access Impact's eBook, Does Your Business Need a Managed IT Service Provider?

How Do Site-to-Site VPNs Work?

When you use the internet with a regular connection through a router, your data has fewer barriers around it.

The public internet is a vast ocean of data, users, and networks which can all interact with each other.  This isn’t necessarily a problem, but it does mean a malicious actor looking to access sensitive data would have less obstacles to do so.  

VPNs started out as a way for businesses to protect themselves, and that continues to be their primary purpose today. Since they create “tunnels” between two networks, site-to-site VPNs go directly from one location to another, and the only people who can see the data being transferred are users logged onto the network.  

The VPN uses gateways at each location which encrypt all traffic that passes through them. All traffic (data) has to be encrypted at the gateway, which is solely responsible for protecting the data and sending it through the tunnel to the other side.  

When inbound traffic is received, it is decrypted, and data packets are sent on to the target host—such as an employee receiving sensitive information about clients.  

Because of this process of encryption and decryption, hackers and other cybercriminals are shut out and any other potential bad actors in the “ocean” cannot take advantage because the data is impenetrable and the tunnel inaccessible.  

Site-to-Site VPN Requirements

When considering a site-to-site VPN, these key requirements should be used to determine what VPN your company should choose:

  • Strict Security Measures: As data is in transit and at rest, it must be secured through effective authorization, authentication, and administration. A VPN with well-programmed gateways ensures that data is only permitted through proper authentication, enhancing network safety by discarding unauthorized access attempts.
  • Easy to Operate: A user-friendly VPN is essential for convenience. Users should be able to access it through a web browser. However, ease of access should not compromise security.  
  • Expandability: Scaling a VPN is a straightforward process and should enable the addition of new sites, users, offices, or partner organizations within minutes.
  • Business Continuity: When facing an issue, minimizing business interruption is crucial for a quick recovery. Site-to-site VPN allows for remote access immediately after an emergency has been identified.
  • Deployment Flexibility: By using a VPN, you can easily introduce a new solution to a wide array of devices across different locations. You get to decide which sites receive the new solution first, allowing for organized training or support in manageable stages, preventing your IT team from being overwhelmed all at once.

Now that you know what to look for in a VPN, let’s get into why you would want to invest in one.

Benefits of Site-to-Site VPNs  

Site-to-site VPNs significantly enhance the security and efficiency of organizational networks.

Here are a few advantages to take into account:

Watertight Internal Network  

When a business takes advantage of a site-to-site VPN, they can share data and information between networks more securely.

Business leaders are concerned about the rise in cyberattacks, especially ransomware. Additionally, the cybersecurity skill gap in the US makes it difficult for organizations to find specialists to safeguard their data.  

Using a VPN can give businesses peace of mind, safe in the knowledge that data can be transferred between disparate locations while the risk of a breach is lowered.  

Operational Efficiency  

As opposed to a personal VPN service, site-to site users don’t have to have client VPN apps installed on any of their devices. This means it’s easier for employees to safely connect to the company network.  

Employees simply have to be logged on to this network as they usually would, and the gateway—which is the entry point at one end of the VPN— takes care of the rest.  


One of the biggest benefits of implementing a site-to-site VPN for an organization is its scalability. If you open a new branch or office, it’s easy to add them to the wide area network (WAN).

Using VPNs is only one of the tools that fall under the umbrella of information security, which aims to protect the confidentiality, integrity, and availability of your data. Watch an explainer video on information security—also known as infosec—and its benefits below: 

Types of VPNs

By encrypting data over a public network, a VPN establishes a secure and private network to ensure confidentiality and safety. VPNs can be divided into three categories: remote access, site-to-site, and personal

Remote Access

This is the most common type of VPN for individual users. It connects devices to networks. For instance, an employee working from home would use a remote access VPN to connect their laptop to their company’s network.  

This type for VPN can create a more secure connection between remote workers and the organization where they work. It can also be used by workers travelling or using their own device to conduct business.  


The focus of this blog. While remote access VPNs connect individual users, site-to-site VPNs connect whole networks to each other.  

As opposed to a remote access VPN, site-to-site VPNs encrypt data at a gateway, so users don’t have to have any of the VPN software installed on their computer—so long as they’re connected to the “site” (the network), their data is protected.  


A personal VPN creates an encrypted connection between a person’s device —such as a laptop or cellphone—and an online destination. For example, a user could use a personal VPN to stream content on Netflix from their personal computer.  

Remote access VPNs and site-to-site VPNs connect employees to their organizations or two company branches to each other. Thus, they are both examples of B2B VPNs. If your VPN vendor or service provider helps manage this secure connection, you are benefitting from a B2B VPN service.  

Does Your Business Need a Site-to-Site VPN?  

This depends on a number of factors, but usually will come down to the following considerations:  

  • The size of your business  
  • The number of company locations  
  • The sensitivity of data being shared  

If your business is small, functioning in one office with little data traveling outside of your premises, then a site-to-site VPN won’t be necessary.  

If, however, you’re a growing company that has ambitions to expand into a larger organization with multiple locations, or perhaps already operating in multiple locations, then a site-to-site VPN would be a sensible investment for now and the future.  

Then, consider the sensitivity of the data your business handles. For businesses operating in industries like healthcare or finance, data protection solutions are crucial. Customer records, protected information, and any sensitive data demand heightened cybersecurity protocols. Compliance laws and regulations also require businesses to protect certain types of customer data.  

This goes for many businesses of other verticals, too, many of which handle significant amounts of customer data and can face hefty fines—or worse—if they don’t have the right security measures in place.  

If your organization is still sharing sensitive data over an unprotected channel, a site-to-site VPN option can help you minimize the risk of the data being stolen or breached.  

Infographic: 41% of VPN users in the US and UK use the technology weekly and 36% use it daily.

When a Site-to-Site Might Not Be Best  

Site-to-site VPNs have been good ways for businesses to secure traffic, but as businesses continue to relocate their data and applications to the cloud, and workers spend more time operating outside of office networks (remote working), the process of routing traffic through an onsite data center doesn’t make as much sense.  

Because of this, many companies are shifting away from site-to-site VPNs entirely. Some of the drawbacks of site-to-site VPNs include:  

  • Security: With a site-to-site VPN, data is designed to only be encrypted between two points. The VPN tunnel itself doesn’t offer any security features like access control or content regulation. Because of this, organizations often implement a spoke-hub process for dealing with VPN connections, meaning that all data passes through a central location (usually the company’s HQ) where it can be inspected and sent on its way. The issue with this technique is that it creates a more substantial load on your servers, meaning slower network speeds.  
  • Visibility and Management: Each site-to-site VPN tunnel is independent from the other, making management and visibility of these data transfers difficult. Where IT departments are doing their best to centralize data and reduce network latency, a site-to-site VPN can have the opposite effect. In addition, VPN must be set up, configured, monitored, and managed individually—often a complex and costly endeavor.
  • Remote Access VPN Might Be Right for Your Business: If your primary concern right now is protecting data handled by remote workers, then you might want to invest in a VPN that is remote access-based. As we briefly mentioned, a remote access VPN works in much the same way as a site-to-site VPN, only—as the name implies—it can be logged into from anywhere and any device that has an internet connection.  

Difference Between Site-to-Site and Remote Access VPN  

With a site-to-site VPN, an encrypted tunnel using IPsec—a suite of protocols that create an encrypted connection between devices—is created to establish a VPN “tunnel” between two servers in order to traffic data.  

With remote access VPN, a secure sockets layer (SSL) VPN—which uses an encryption-based Internet security protocol—is typically used to form connections between the office network and individual endpoints.  

Secure access service edge (SASE) is another platform, geared towards companies that house a lot of their data in the cloud. It combines remote access VPNs with the security features that you would expect from a corporate firewall, like threat hunting and detection, next-gen antivirus, and more.  

If you’re concerned about company data being handled remotely, then investing in a SASE system is likely the best option for dealing with a remote workforce for now and the future—it’ll allow you to have all the benefits of your office network security but through the cloud instead.  

While site-to-site VPNs are best suited to businesses which operate with multiple offices, remote access VPN is best suited to organizations which have remote workers, and a combination of the two is ideal for a company that has both.  

Pulling the Plug on VPNs

Site-to-site VPNs play a crucial role in securing data transfer between locations, offering benefits such as a watertight internal network, operational efficiency, and scalability. This type of VPN functions as encrypted tunnels, ensuring data confidentiality and mitigating cyber threats.  

However, businesses need to assess their needs and consider factors like size, data sensitivity, and work dynamics. While site-to-site VPNs excel in certain scenarios, evolving workplace trends, cloud migration, and the rise of remote work have all led to considerations of alternative solutions.  

Ultimately, the choice between VPNs depends on specific requirements and challenges each organization faces, emphasizing the importance of adapting security measures to evolving technological environments.

Enlist the expertise of a managed IT service provider to establish and oversee a site-to-site VPN or other solution for your company. Explore the advantages of managed IT services by downloading Impact's eBook, Does Your Business Need a Managed IT Service Provider? 


Managed ITCybersecurityMitigate Cyber Risks


Additional Resources

man with headset pointing at screen in security operations center

Does Your Business Need a Managed IT Service Provider?

Download this free eBook from Impact now! Learn what a managed IT services provider does, when it’s better than an in-house team, and if you should get one.

Business Tech Insights Straight to You

Subscribe to our newsletter and get all our insights, videos, and other resources delivered to your inbox.

Subscribe Now

Elevate Your Business Today

Speak to one of our experts about how you can apply innovative strategies and solutions to your business.

Get Started

Impact Insights

Sign up for The Edge newsletter to receive our latest insights, articles, and videos delivered straight to your inbox.

More From Impact

View all Insights