Site-To-Site VPN: Configuration & Integration with Perimeter 81

Site-To-Site VPN Configuration

A site-to-site VPN is especially useful for enterprises looking to keep multiple networks and connections secure, facilitate collaboration, and block unauthorized users. 

Site-to-site VPNs will be most valuable when integrated with other tools your business is likely to use, like Google Cloud, AWS, and Azure. Continue reading for a quick overview of configuring your VPN to work with these platforms. 

Quick Takeaways

  • VPN: Virtual Private Networks connect users to the Internet securely and privately. They use encryption and IP address masking to prevent tracking and connect users to their servers before they reach the rest of the web, hiding their identities and locations.
  • Site-to-site VPN: Like a VPN, the site-to-site VPN provides secure and anonymous connections, but its purpose is to connect resources within an organization rather than to connect users to the rest of the web. 
  • Essential functions of a site-to-site VPN: Data encryption, IP address camouflage, and onboarding simplification. 
  • VPN services: Rather than setting up a VPN yourself and being responsible for all maintenance, updates, and troubleshooting, some companies have adopted VPN services, like those offered by Perimeter 81, to streamline operations and reduce hardware investment.

What Is Site-To-Site VPN?

A Site-to-Site VPN creates a secure connection (a tunnel) between two corporate networks over public networks like the Internet. The goal is to limit the privacy risks of sharing data over a network connection. This reduces the risk of attack, especially of the man-in-the-middle variety.

There are critical differences between a site-to-site VPN and a remote desktop connection. This type of VPN requires that users access it from an application on their devices. Additionally, it does not require a client and server setup.

So, instead of installing hardware on-site to enable VPN connectivity, an employee can log on to the VPN itself from his device and securely connect to the data at the other site.

Site-to-Site VPN Configuration and Integration

One of the perks of a site-to-site VPN service is that IT teams are not responsible for all of the maintenance and upkeep. The provider takes care of the hardware requirements, and you are able to use the VPN as a service. VPN services from Perimeter 81 give you control over your configurations, and you can make changes, monitor activity, and create customized access policies from a central platform as needed. 

Since a VPN service takes a lot off your plate and simplifies customization, focus can be directed to other aspects, like integrating with other platforms to improve productivity and collaboration among employees and customers.

There are three major platforms that businesses typically use and with which you can configure your VPN to work.

Integration #1: Google Cloud

Starting at the Google end, you would configure a VPN gateway there, create the tunnel, and configure the tunnel on the Perimeter 81 side. Finally, you would create policy rules for the VPN.

Integrating Google Cloud has several benefits, including the following:

  • Hide the IP address of your Google resources: Instead of allowing your public IP address to wander free, integrating Google Cloud and Perimeter 81’s site-to-site VPN will create a private IP address, hiding the public one and eliminating an attacker’s ability to find the public IP and leverage it in an attack.
  • Access control: Limiting user access is vital for ongoing data security. If an attacker successfully infiltrates your network using employee credentials, access control can help limit the damage.
  • WireGuard protocol support: Perimeter 81 facilitates using the WireGuard protocol, which encrypts your VPN tunnel with Google Cloud resources.

Integration #2: Microsoft Azure

To integrate Microsoft Azure, create the gateways and tunnel, customize settings and rules – and you’re ready. Integrating with Azure also has some benefits, including:

  • Virtual WAN: If you have two Perimeter 81 gateways within one network, you can set up a virtual WAN, which gives you a leg up on encryption and secure data transit between your network and Azure resources.
  • Allow listing: Integrations with Google Cloud and Azure both allow you to hide your IP address, and they both will support allow listing, in which only users from your private IP address can access the cloud resources. This is a less secure approach, but it is more direct. 
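
An allow list only helps if no rule admits sources beyond the gateway address. The following Python check is an added example, not Perimeter 81 or cloud-provider code: it audits a constructed set of ingress rules against the VPN gateway's address and reports every source range that lets other addresses in. The rule names, addresses and the audit_allowlist helper are assumptions for illustration.

```python
import ipaddress

# Constructed sample: the VPN gateway's static address (documentation range).
GATEWAY = ["203.0.113.10/32"]

# Constructed ingress rules for a cloud resource; rule names are hypothetical.
RULES = [
    {"name": "ssh-from-vpn", "port": 22, "sources": ["203.0.113.10/32"]},
    {"name": "https-any", "port": 443, "sources": ["0.0.0.0/0"]},
    {"name": "db-from-isp-block", "port": 5432,
     "sources": ["203.0.113.0/24", "203.0.113.10"]},
]


def audit_allowlist(rules, gateway_cidrs):
    """Return (rule, port, source, extra_addresses) for every source range
    that admits addresses other than the VPN gateway's."""
    allowed = [ipaddress.ip_network(c) for c in gateway_cidrs]
    findings = []
    for rule in rules:
        for src in rule["sources"]:
            net = ipaddress.ip_network(src, strict=False)
            same = [a for a in allowed if a.version == net.version]
            if any(net.subnet_of(a) for a in same):
                continue  # source lies entirely inside the allow list
            # CIDR blocks either nest or are disjoint, so count the
            # addresses in this range that are not gateway addresses.
            covered = sum(a.num_addresses for a in same if a.subnet_of(net))
            findings.append((rule["name"], rule["port"], str(net),
                             net.num_addresses - covered))
    return findings


if __name__ == "__main__":
    for name, port, src, extra in audit_allowlist(RULES, GATEWAY):
        print(f"{name}: port {port} open to {src} "
              f"({extra} non-gateway addresses)")
```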

Integration #3: AWS

Setup procedures can be accomplished just as quickly, and AWS will have the fast connections, support, and FWaaS coverage provided with all site-to-site VPN configurations. 

Create a Bulletproof Security Strategy with Perimeter 81

Site-to-site VPN configuration allows you to audit your teams’ activities and control access to data.

Even when you have a VPN in place, remember to enforce a zero-trust environment based on the principle of least privilege. While a VPN keeps your data safe in several ways, it can’t protect you from someone using your employee’s credentials to gain unauthorized access. 

By combining Perimeter 81’s VPN service with good security practices and integrating the VPN with other platforms, you can build a highly secure site-to-site VPN configuration that prevents data theft and increases productivity.

You’re welcome to schedule a demo to learn more. 

FAQs

What are the routing options for a Site-to-Site VPN connection?
There are two main options: Static Routing and Dynamic Routing. Static Routing manually configures routes in route tables to direct traffic through the VPN tunnel. Dynamic Routing protocols like OSPF or BGP automatically learn and update routes, offering more flexibility for complex networks.

What authentication methods are used for Site-to-Site VPNs?
Common methods include Pre-Shared Keys (PSK) for simpler setups and certificates for more robust security.

What are IPSec tunnels, and how do they work in a Site-to-Site VPN?
IPSec tunnels encrypt data packets traveling between networks. They rely on Security Associations (SA) for secure communication between devices.

How do I configure static routes for a Site-to-Site VPN?
Static routes manually define paths for traffic to reach the remote network through the VPN tunnel interface. They point to the tunnel interface instead of the default internet gateway.

Can a Site-to-Site VPN connect to a cloud network?
Yes, Site-to-Site VPNs can securely connect your corporate network to cloud platforms like AWS or Azure, treating them as remote networks.
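
The static-route answer above implies a check worth automating: traffic for the remote site must resolve to the tunnel interface, not the default internet gateway. The following Python audit is an added example, not Perimeter 81's code: it applies longest-prefix matching to a constructed IPv4 route table and reports any part of a remote subnet that would leave through another interface. The interface names, prefixes and the leaks/audit helpers are assumptions for illustration.

```python
import ipaddress

TUNNEL_IF = "tun0"  # assumed name of the VPN tunnel interface

# Constructed IPv4 route table of the local site's edge router.
ROUTES = [(ipaddress.ip_network(p), i) for p, i in [
    ("0.0.0.0/0", "eth0"),       # default internet gateway
    ("10.20.0.0/16", "tun0"),    # remote site via the tunnel
    ("10.20.5.0/24", "eth0"),    # stale, more specific route bypassing the tunnel
    ("192.168.1.0/24", "eth1"),  # local LAN
]]
# Constructed list of subnets that live at the remote site.
REMOTE = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.0.0/24")]


def leaks(routes, net, tunnel_if):
    """Return (sub-range, interface) pairs of net that do not use the tunnel.

    Follows longest-prefix match, the rule routers apply: the most
    specific route containing a destination wins.
    """
    inside = [p for p, _ in routes if p != net and p.subnet_of(net)]
    if inside:
        # A more specific route splits this range: examine both halves.
        found = []
        for half in net.subnets(prefixlen_diff=1):
            found += leaks(routes, half, tunnel_if)
        return found
    # No route boundary inside net, so one route decides for all of it.
    covering = [(p, i) for p, i in routes if net.subnet_of(p)]
    if not covering:
        return [(net, None)]  # no matching route at all
    _, iface = max(covering, key=lambda r: r[0].prefixlen)
    return [] if iface == tunnel_if else [(net, iface)]


def audit(routes, remote, tunnel_if):
    """Map each remote subnet to the parts of it that bypass the tunnel."""
    return {str(r): [(str(n), i) for n, i in leaks(routes, r, tunnel_if)]
            for r in remote}


if __name__ == "__main__":
    for subnet, bad in audit(ROUTES, REMOTE, TUNNEL_IF).items():
        print(subnet, "OK" if not bad else f"BYPASSES TUNNEL: {bad}")
```

With the sample data, the stale /24 and the remote subnet that has no static route are both reported as leaving through eth0 instead of the tunnel.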
