A site-to-site Virtual Private Network (VPN) allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations. An example of a company that needs a site-to-site VPN is a customer with dozens of branch offices around the world.

Cloud Edge creates encrypted tunnels by using the Internet Key Exchange (IKE) and IP Security (IPsec) protocols. IKE creates the VPN tunnel, and this tunnel is used to transfer IPsec encoded data. Think of IKE as the process that builds a tunnel, and IPsec packets as trucks that carry the encrypted data along the tunnel.

Cloud Edge gateways implement the Encapsulated Security Payload (ESP) protocol. The encrypted packets look like ordinary packets that can be routed through any IP network.

IKE is performed automatically based on pre-shared keys or X.509 digital certificates. As an option, you can specify manual keys. Interface mode, supported in NAT/Route mode only, creates a virtual interface for the local end of a VPN tunnel.