What is a Nexcess site-to-site VPN Tunnel?
Article Number: 884 | Rating: 5/5 from 1 votes | Last Updated: Thu, Jun 9, 2016 at 2:09 PM
What is a Nexcess site-to-site VPN tunnel?
A site-to-site VPN is an IPsec-based encrypted tunnel that links your Nexcess hosted environment with a remote site. The communication occurs between the internal, private network at Nexcess and the external, private network at a client's remote site. This tunnel is used for communication with the Nexcess server and other administrative tasks, not for web browsing. You cannot access your website via a web browser over an IPsec tunnel.
A site-to-site VPN works by creating a secure, encrypted pathway between two locations. One side serves as the Nexcess server, servers, or cluster, and the remote side would be the client's site. In order for this connection to function, the client would contact Nexcess to identify the necessary secure encryption settings and preshared keys. Nexcess engineers will configure our side of the VPN and provide the client with the settings so the client can configure their devices. Once both sides are configured, a tunnel will be established and data can move securely between each side. If there are issues, a Nexcess engineer will work with you to troubleshoot the failed tunnel.
Depending on the application, if you have offices or fulfillment centers that need to communicate directly with Magento's administrator's interface, a site-to-site VPN may be useful. If you use non-encrypted protocols for data transfer, VPN can provide a secure these transfers. Clients using in-house payment processors or inventory management applications will also benefit from a VPN as their applications can communicate with Magento directly and securely.
Developers wanting direct access to the file system for file uploads and downloads can also use this VPN for secure access.
A site-to-site VPN is not a direct-access tunnel that allows a computer to connect to a Nexcess server. A site-to-site VPN connects remote locations to the Nexcess environment via routing. This means that a client site that has an established tunnel to our server or servers can communicate from any machine in that environment to the Nexcess server or servers.
Your remote location must have a static IP address. Home broadband connections with dynamic IPs will not work because the tunnel will fail when the IP address changes. The remote connection also needs an IPsec-compatible VPN appliance. Most SOHO broadband routers and larger gateway and router hardware appliances support IPsec. Some other tunnel protocols such as PPTP are also not compatible. The VPN tunnel must be an IPsec tunnel.
The Nexcess site uses the Juniper Netscreen appliances and they generally have good compatibility with other vendors such as Cisco, Checkpoint, Zyxel, and Sonicwall. However, it is the client's responsibility to make sure they have a VPN device that supports IPsec VPN tunnels.
An IPsec VPN is a private tunnel for a specific client's hardware device at Nexcess. Nexcess does not share VPN appliances among clients.
Multiple tunnels are a possibility from Nexcess' hardware appliance. If a client has more than one remote office, a tunnel can be created in each location if each location meets the necessary requirements.
There are no attachments for this article.
Nexcess Acceptable Use Policy
Added on Thu, Jul 25, 2013
How to preview a website before DNS update is complete
Added on Mon, Jul 29, 2013
How to use the Nexcess Secure Password Generator
Added on Fri, Aug 2, 2013
How to install Vanilla Forums Community Edition 1.8
Added on Wed, Mar 19, 2014
What is the PHP-FPM limit (max_children)?
Added on Mon, Nov 23, 2015
How to Install Joomla 3.2
Added on Tue, Mar 18, 2014
How to install PrestaShop 1.6
Added on Wed, Mar 19, 2014
What is memcached?
Added on Tue, Jul 22, 2014
How to use TraceRoute
Added on Mon, Aug 5, 2013
What is a web application firewall?
Added on Mon, Feb 23, 2015