RSystems

VPN

Also known as: Virtual Private Network

Creates an encrypted tunnel between two endpoints over the public internet — used for remote access to corporate resources and connecting offices without leased lines.

A VPN lets you treat an untrusted network — the public internet — as if it were a private connection. Traffic between the two endpoints is encrypted in transit, so anyone intercepting it sees only ciphertext.

Two distinct use cases

Remote access VPN connects individual users to the corporate network. An employee at home or a hotel opens a VPN client, authenticates, and their device gets a corporate IP address with access to internal resources as if they were physically in the office. This is the most common VPN use case for small and medium-sized business (SMB) environments.

Site-to-site VPN connects two networks — typically two office locations — through a persistent encrypted tunnel between the firewall/router at each site. Traffic between the sites flows through the tunnel automatically, with no client software on end devices.

[Figure: a VPN encrypted tunnel connecting a remote user and a branch office to headquarters over the public internet]

IPsec vs SSL

The two dominant tunneling protocols:

IPsec is the standard for site-to-site VPNs — persistent tunnels between gateways. Mature, widely supported, efficient for point-to-point network interconnection.

SSL/TLS (SSL VPN) is the standard for remote access. Runs over port 443, which is almost never blocked — making it more reliable for users connecting from hotels, airports, or restrictive networks. Most modern remote-access VPN clients (Cisco AnyConnect, SonicWall NetExtender, Palo Alto GlobalProtect) use SSL/TLS under the hood.

What a VPN is not

A VPN doesn't replace a firewall. It provides an encrypted transport layer, but access control — what authenticated users can reach once connected — still requires proper firewall rules and segmentation. Don't mistake "on VPN" for "trusted."
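To make the "on VPN" versus "trusted" distinction concrete, the following added example (not part of the original page) evaluates two first-match firewall policies for a VPN client pool and flags allow rules that grant it broad internal reach. The address ranges, ports, rule format and the `decide` and `overly_broad` helpers are all constructed for illustration.

```python
import ipaddress as ip

# Constructed sample values: the address pool handed out to VPN clients.
VPN_POOL = ip.ip_network("10.99.0.0/24")

# Ordered, first-match rules: (action, source, destination, port or None for any port).
FLAT_POLICY = [
    ("allow", "10.99.0.0/24", "10.0.0.0/8", None),     # treats "on VPN" as trusted
]
SEGMENTED_POLICY = [
    ("allow", "10.99.0.0/24", "10.0.20.10/32", 443),   # intranet web application
    ("allow", "10.99.0.0/24", "10.0.20.11/32", 3389),  # jump host
    ("deny",  "10.99.0.0/24", "10.0.0.0/8", None),     # everything else internal
]

def decide(policy, src, dst, port):
    """Return the action of the first matching rule; implicit deny if none match."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, rsrc, rdst, rport in policy:
        if s in ip.ip_network(rsrc) and d in ip.ip_network(rdst) and rport in (None, port):
            return action
    return "deny"

def overly_broad(policy, vpn_pool=VPN_POOL, max_hosts=16):
    """List allow rules that give the VPN pool any-port access or a wide destination."""
    findings = []
    for rule in policy:
        action, rsrc, rdst, rport = rule
        if action != "allow" or not ip.ip_network(rsrc).overlaps(vpn_pool):
            continue
        if rport is None or ip.ip_network(rdst).num_addresses > max_hosts:
            findings.append(rule)
    return findings

if __name__ == "__main__":
    client, file_server = "10.99.0.5", "10.0.30.7"  # constructed hosts
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(name, "-> file server:445 is", decide(policy, client, file_server, 445))
        print(name, "-> broad allow rules:", overly_broad(policy))
```

Under the flat policy an authenticated VPN client reaches any internal host on any port; under the segmented policy it reaches only the two published services and everything else is denied.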