Also known as: LAN-to-LAN VPN, S2S VPN
Quick Definition
A permanent encrypted tunnel between two routers or firewalls connecting two offices.
A site-to-site VPN connects two fixed locations (offices, data centres) using an encrypted tunnel over the Internet. The tunnel is established between two gateway devices (routers or firewalls) using IPsec. End devices (PCs, servers) have no awareness of the VPN — they simply route traffic to their default gateway, which forwards it through the encrypted tunnel. Site-to-site VPNs replace expensive dedicated WAN links.
In a site-to-site VPN, the VPN is terminated at the gateway devices — not at individual hosts. This is different from a remote-access VPN where the tunnel terminates at each user's device.
A site-to-site VPN connects two fixed locations (offices, data centres) using an encrypted tunnel over the Internet. The tunnel is established between two gateway devices (routers or firewalls) using IPsec. End devices (PCs, servers) have no awareness of the VPN — they simply route traffic to their default gateway, which forwards it through the encrypted tunnel. Site-to-site VPNs replace expensive dedicated WAN links.
In a site-to-site VPN, the VPN is terminated at the gateway devices — not at individual hosts. This is different from a remote-access VPN where the tunnel terminates at each user's device.
Site-to-site VPN falls under the WAN domain of the 200-301 exam. Understanding it in context with related terms like ipsec and vpn is essential for answering scenario-based questions correctly.