Remote Access VPN vs Site-to-Site VPN – Full guide 2020Last Updated by Denise Sullivan on April 01, 2020
Remote access and site-to-site VPN connections both offer a secure way to transfer data between servers, so how do you choose which one is the best choice for you or your business? We take an in-depth look at the differences between the two.
What is a Remote Access VPN
A remote access VPN has two main components.
1. Network Access Server, also known as NAS.
A NAS may be a server with multiple software applications running, or it may be a dedicated server. The NAS is the system that users connect to gain access to the internet.
2. Client Software
Client software is the application installed on the user’s computer which connects to the NAS. Modern operating systems have a client software pre-installed allowing the user to connect without installing additional software. However, most VPN services offer dedicated software to connect to their servers. Dedicated VPN client software often includes a “kill switch” feature which blocks internet connections if they lose VPN connection.
The client software is what creates the tunnel between the user’s computer and the NAS. This encrypted connection prevents others from viewing the user’s location or what they are accessing online. Companies utilizing a remote access VPN often deploy and maintain their client software and do not rely on operating system base protocols. ExpressVPN and NordVPN are two of the leading Remote Access VPNs on the market.
What is a Site-to-Site Connection VPN
With site-to-site VPNs, computers in multiple locations can connect to each other using a public network, like the internet. The interconnection of computers creates a network in which all devices have access to the same resources. There are two main types of site-to-site connections: intranet and extranet.
With an intranet network, a company connects one or more remote locations to create a single, private network. Local area networks (LAN), and wide area networks (WAN) can connect this way.
Companies that have a partnership with another may use their servers as part of their VPN connectivity, known as an extranet-based connection. Using an external LAN to connect servers allows both parties to work together without intersecting individual intranets.
How They Stack Up
Both remote access VPN and site-to-site connections allow users to access information outside their usual purview. Both services, used in business interactions, enable workers to obtain data from the businesses’ internal servers.
Remote access VPNs are also used by private individuals to browse anonymously or connect to websites blocked by their countries’ privacy laws.
Let’s take a more in-depth, comparative look at the two connections to see how they stack up.
Which VPN is Right for You
Businesses use remote access and site-to-site VPN connections. However, they do have some fundamental distinctions.
Corporations and private individuals use remote access VPNs for additional security online. From a corporate standpoint, remote access offers employees the freedom to access their accounts and work from anywhere. The use of proprietary client software offers a secure login while encryption protocols keep corporate access safe from unauthorized access. For companies with remote employees, remote access VPN connections are the best way to go.
While remote access VPN is the perfect choice for companies allowing their employees remote access, it is not always the best choice for businesses whose employees are onsite. Onsite employees need access to the same data, and sharing data locally can prevent unsecure transfer of information. In these instances, a site-to-site connection works best. Businesses using an intranet reduces the need for heavy encryption which may slow response time. Unlike remote access VPN, individuals seldom use site-to-site connections to access data. Site-to-site is an excellent tool to connect several corporate locations to one locally held server bank.
There are a series of VPN protocols used by both remote access VPN and site-to-site connections.
- Point-to-Point Tunneling Protocol (PPTP): Point-to-Point Tunneling Protocol creates a tunnel between the client software and NAS and encapsulates the data packets with Point-to-Point Protocol (PPP). All major operating systems, i.e., Windows, Mac, and Linux, support PPTP usage.
- Secure Shell (SSH): Like PPTP, SSH creates a tunnel. The client location uses SSH to connect to a remote computer.
- Internet Protocol Security (IPSec): IPSec secures communication across IP networks. This security protocol encrypts each data packet during transmission one of two ways, either through transport mode or tunneling mode. Transport mode encrypts just the message in the data packet. Tunneling mode encrypts the entire data packet during transmission. Services using IPSec often employ secondary protocols to enhance overall security.
- Layer 2 Tunneling Protocol (L2TP): Layer 2 Tunneling Protocols connects two L2TP locations. However, while it creates the tunnel, there is no encryption. For that reason, L2TP used with another VPN security protocol such as IPSec is common. In this case, L2TP creates the tunneled connection while IPSec encrypts the data package.
- OpenVPN: OpenVPN is an open source security measure using custom protocols based in TLS and SSL. This encryption method works well for Point-to-Point and Site-to-Site connections.
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS): Secure Socket Layer and Transport Layer Security feature when the web browser is the access point for both client and user instead of an entire network. A security protocol used for online shopping and other secure sites where the address begins with HTTPS.
Remote access VPNs can and do employ multiple types of security protocols. Sometimes users can choose the protocol that works best for their needs. This flexibility appeals to a wide array of customers. They feel secure in the knowledge that the option they choose is one they are familiar with and know works well.
Site-to-Site access also uses a number of these protocols. However, usage limitations restrict them with this type of access. Often IPsec, SSL and TLS, and Open VPN are the main security encryptions utilized. These protocols work hand in hand with an Internet Key Exchange (IKE). IKE is a management tool which helps authenticate IPSec connections and establish security.
While remote access VPN is ideal for businesses that allow employees to work from anywhere, site-to-site is better at tethering different branch locations into one intranet or extranet service. Remote access is excellent for individuals, while site-to-site is not applicable to the average internet user. The choice of which to employ depends on your overall needs.