
What Is a Site-to-Site VPN?

A site-to-site virtual private network (VPN) is a connection between two or more networks, such as a corporate network and a branch office network. Many organizations use site-to-site VPNs to leverage an internet connection for private traffic as an alternative to using private MPLS circuits.

Site-to-site VPNs are frequently used by companies with multiple offices in different geographic locations that need to access and use the corporate network on an ongoing basis. With a site-to-site VPN, a company can securely connect its corporate network with its remote offices to communicate and share resources with them as a single network.

Figure 1: Example of a site-to-site VPN

Site-to-site VPNs and remote access VPNs may sound similar, but they serve entirely different purposes.

  • A site-to-site VPN is a permanent connection designed to function as an encrypted link between offices (i.e., “sites”). This is typically set up as an IPsec network connection between networking equipment.
  • A remote access VPN is a temporary connection between users and headquarters, typically used for access to data center applications. This connection could use IPsec, but it is also common to use an SSL VPN to set up a connection between a user’s endpoint and a VPN gateway.

Why Site-to-Site VPNs Are No Longer Enough

Companies have traditionally used site-to-site VPNs to connect their corporate network and remote branch offices in a hub-and-spoke topology. This approach works when a company has an in-house data center, highly sensitive applications or minimal bandwidth requirements. However, now that most companies have moved their applications and data to the cloud and have large mobile workforces, it no longer makes sense for users to have to go through an in-house data center to get to the cloud when they can instead go to the cloud directly.

Consequently, companies need to set up network topologies that provide access to the cloud or data center applications. This is driving organizations to set up network architectures that do not depend on bringing all traffic back to headquarters.

SASE: A Modern Solution for Connecting Remote Offices 

A more recent cybersecurity model called a secure access service edge (SASE; pronounced “sassy”) delivers the networking and network security services companies need directly through a cloud infrastructure. Moreover, SASE offers multiple security capabilities, such as advanced threat prevention, credential theft prevention, web filtering, sandboxing, DNS security, data loss prevention (DLP) and others from one cloud-delivered platform.

This allows companies to easily connect their remote offices; securely route traffic to public or private clouds, software-as-a-service (SaaS) applications or the internet; and manage and control access.


Some of the benefits of using a SASE are that it allows companies to: 

  • Provide branch offices and retail stores with access to the cloud or the data center.
  • Quickly identify users, devices and applications.
  • Consistently apply security policies across multiple locations and enforce least-privileged access.
  • Dramatically simplify their IT infrastructure and reduce costs since they can use a single cloud-based solution instead of buying and managing multiple point products.
