CCNP Security - Interview Questions
How to Create an Internet-based Site-to-Site VPN?
An internet-based site-to-site VPN uses the existing network of an organization in combination with the public internet. To set up an internet-based site-to-site VPN, you need a VPN gateway that secures the data traveling back and forth.
 
To create an internet-based site-to-site VPN, you make a tunnel that connects two networks, for which you need three components:
 
* A base network in one location
* A satellite network in another location
* A tunnel with security gateways on each end

The tunnel “burrows through” or sits on top of a physical internet connection, yet it protects the traffic flowing through it from being accessed by people using the physical network. To set it up, you configure a gateway at each site. The first gateway the data meets as it enters the tunnel encrypts the data. The encryption keeps each data packet safe from users, devices, and malware that could seek to corrupt, steal, or compromise it in some way.
 
As the data arrives at its destination, it meets the other gateway. This decrypts the data so the network on the other side can read it. Entities in the physical internet the data has to travel through while encrypted will not be able to read it. The data will remain unreadable without a second gateway to decrypt it for the receiving network.
 
The gateway may incorporate a network access server and a secure access service edge (SASE), which requires the user to enter credentials before they gain access to the VPN.
 
You can also use a firewall, which furnishes a powerful barrier that sits between the organization’s private network and the surrounding internet. The firewall can restrict the kind of traffic allowed to go through it.
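
One way the two-gateway tunnel and the firewall restriction described above could look on the base-site gateway, as an added example that is not from the original page. It assumes IPsec with IKEv2 on a Cisco IOS/IOS-XE router (the page names no protocol or platform); all addresses, object names and the key placeholder are constructed.

```cisco
! Base-site gateway (constructed example). The satellite gateway mirrors this
! with the addresses swapped. Assumed: base WAN 198.51.100.1,
! satellite WAN 203.0.113.2, satellite LAN 10.2.0.0/24.
crypto ikev2 proposal S2S-PROP
 encryption aes-gcm-256
 prf sha384
 group 20
crypto ikev2 policy S2S-POL
 proposal S2S-PROP
crypto ikev2 keyring S2S-KEYS
 peer SATELLITE
  address 203.0.113.2
  pre-shared-key <PSK-PLACEHOLDER>
crypto ikev2 profile S2S-PROF
 match identity remote address 203.0.113.2 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local S2S-KEYS
!
! ESP in tunnel mode: the whole inner packet is encrypted and authenticated,
! so devices on the internet path see only gateway-to-gateway ciphertext.
crypto ipsec transform-set S2S-TS esp-gcm 256
 mode tunnel
crypto ipsec profile S2S-IPSEC
 set transform-set S2S-TS
 set ikev2-profile S2S-PROF
!
! The tunnel endpoint on this gateway.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile S2S-IPSEC
!
! Traffic for the satellite LAN is routed into the tunnel and encrypted.
ip route 10.2.0.0 255.255.255.0 Tunnel0
!
! Firewall rule on the internet-facing interface: accept only IKE and ESP
! from the peer gateway (assumes this router is a dedicated VPN gateway).
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.2 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.2 host 198.51.100.1 eq non500-isakmp
 permit esp host 203.0.113.2 host 198.51.100.1
 deny ip any any log
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 ip access-group OUTSIDE-IN in
```

Hits on the final `deny ... log` entry are a useful signal of scanning or of a peer whose address has changed; `show crypto ikev2 sa` and `show crypto ipsec sa` confirm that the tunnel is up and that packets are being encrypted and decrypted.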