Site Networking

Each location has its own network, with its own internet connection, its own systems, and its own data. Employees at the second location have no access to central resources like ERP systems, files, or printers.

Without networking, systems must be operated separately at each location. This means multiple licences, multiple backups, and inconsistent data.

Data is exchanged between locations via email or USB drives. This is error-prone, slow, and prevents efficient real-time collaboration.

The proven standard for site networking. IPsec encrypts all traffic between two locations at the network level. Stable, secure, and supported by virtually every professional firewall and router.

A modern VPN protocol with significantly less overhead than IPsec. Faster connection setup, lower latency, and simpler configuration. Particularly suitable for locations with limited bandwidth or less powerful hardware.

Combines Layer 2 tunnelling with IPsec encryption. Useful when devices at different locations need to appear in the same subnet, for example legacy systems that can't handle routing changes.

For simple setups with two to three locations, static routes are sufficient. Each router is manually told which networks are reachable through which VPN tunnel. Clear and simple, but hard to maintain as the number of locations grows.

From four or more locations, a dynamic routing protocol becomes worthwhile. OSPF automatically learns which networks are reachable and selects the best path. If a connection fails, traffic is automatically rerouted, without manual intervention.

A single internet connection is a single point of failure. With a second connection (e.g., DSL + LTE or fibre + DSL), automatic failover is possible. The VPN tunnel rebuilds over the backup connection.

Monitoring continuously checks reachability of the remote site. If the primary tunnel fails, the system switches to the backup connection within seconds, without employees noticing.

For most SMBs with two to five locations, a classic site-to-site VPN is the right choice. Manageable configuration, no ongoing licence costs, and full control over your own hardware.

From ten or more locations, when centralised policy management is needed, or when cloud services must be performantly connected at many sites, SD-WAN can offer advantages. The trade-off: ongoing licence costs and vendor dependency.

Each location needs its own IP address range. Overlapping subnets (e.g., 192.168.1.0/24 everywhere) make networking impossible. Clean planning before setup saves rebuilding later.

An up-to-date network diagram with all locations, subnets, and VPN tunnels is not a nice-to-have. Without documentation, every change becomes guesswork, especially when someone else needs to step in.