Networking

How to Set Up a Site-to-Site VPN Between Two Office Locations

5 May 2026 · 5 min read · By Hak, VantagePoint Networks

If your organisation operates multiple offices across London or beyond, you've likely encountered the challenge of securely connecting them. For a business in that position, a site-to-site VPN is no longer a luxury; it is essential infrastructure. Whether you're managing sensitive client data, enabling seamless file sharing, or simply reducing reliance on expensive leased lines, a site-to-site VPN creates an encrypted tunnel between your office locations, allowing staff and systems to communicate as though they're on the same physical network. For London-based SMBs in professional services, legal practice, or financial advisory, this capability can transform operational efficiency while strengthening your data defence posture.

Understanding Site-to-Site VPN Architecture

A site-to-site VPN differs fundamentally from the remote access VPNs many of your staff may use when working from home. Rather than individual users connecting through a VPN client, a site-to-site setup links entire networks together at the infrastructure level. Think of it as an encrypted bridge: data travels securely between your London head office and your satellite location in Manchester, or between your main premises and a disaster recovery site.

The architecture typically involves VPN gateways (either hardware appliances or software-based solutions) installed at each location. These gateways authenticate each other, establish an encrypted tunnel, and manage all traffic flowing between the networks. For most SMBs, this means:

The beauty of this approach is transparency: users don't need specialised software or manual connection steps. A staff member in your Bristol office accessing a file server in London simply uses network resources as normal, with encryption happening invisibly in the background.

Key Steps for Implementing Your Site-to-Site VPN

1. Audit Your Network Infrastructure

Before purchasing or configuring anything, map your current setup. Document:

For professional services firms handling confidential client information, this audit is also your first compliance checkpoint. Understanding your network helps you identify where encryption is most critical.

2. Choose Your VPN Gateway Solution

You have several options, each with trade-offs:

For many London-based SMBs, cloud or managed solutions offer the best balance: you avoid capital expenditure on hardware, reduce maintenance burden, and gain access to enterprise-grade infrastructure without the expertise normally required in-house.

3. Plan IP Addressing and Routing

This step is critical and often overlooked. Each office location must have a unique IP subnet (for example, head office uses 192.168.1.0/24 and a branch uses 192.168.2.0/24). The VPN gateway must know which traffic destined for the remote subnet should be encrypted and sent through the tunnel.

You'll need to configure routing policies, including the choice between split and full tunnelling, that specify:

Most organisations prefer full tunnelling through the primary site for internet-bound traffic, ensuring centralised security controls and compliance logging, though this introduces slightly more latency.
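
The planning step above can be checked before any gateway is touched. The following Python is an added example, not code from VantagePoint Networks or any gateway vendor: it flags overlapping site subnets, lists the subnet pairs a tunnel must carry, and shows where a packet goes under split versus full tunnelling. The site names, the `SITES` plan and all function names are hypothetical; the two /24 networks are the ones used in the text.

```python
import ipaddress
from itertools import combinations

# Constructed site plan; the two /24s are the article's example subnets.
SITES = {
    "head-office": ["192.168.1.0/24"],
    "branch": ["192.168.2.0/24"],
}

def parse(sites):
    """Turn CIDR strings into network objects; strict=True rejects host bits."""
    return {name: [ipaddress.ip_network(c, strict=True) for c in cidrs]
            for name, cidrs in sites.items()}

def find_overlaps(sites):
    """Return (site_a, net_a, site_b, net_b) for every overlapping pair.

    overlaps() also catches containment, e.g. 10.0.0.0/16 vs 10.0.5.0/24.
    """
    nets = [(s, n) for s, ns in parse(sites).items() for n in ns]
    return [(sa, str(na), sb, str(nb))
            for (sa, na), (sb, nb) in combinations(nets, 2)
            if sa != sb and na.version == nb.version and na.overlaps(nb)]

def traffic_selectors(sites, local, remote):
    """Local/remote subnet pairs the tunnel between two sites must carry."""
    p = parse(sites)
    return [(str(l), str(r)) for l in p[local] for r in p[remote]]

def egress(sites, local, primary, dest, full_tunnel):
    """Decide where a packet leaving site `local` for `dest` is sent."""
    if find_overlaps(sites):
        raise ValueError("fix overlapping subnets before planning routes")
    addr = ipaddress.ip_address(dest)
    for site, nets in parse(sites).items():
        if any(addr in n for n in nets):
            return "lan" if site == local else f"tunnel:{site}"
    # Not an internal destination, so this is internet-bound traffic.
    if full_tunnel and local != primary:
        return f"tunnel:{primary}"  # centralised controls at the primary site
    return "internet-direct"        # split tunnelling: local breakout

if __name__ == "__main__":
    print(find_overlaps(SITES))
    print(traffic_selectors(SITES, "branch", "head-office"))
    print(egress(SITES, "branch", "head-office", "203.0.113.9", True))
```
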

4. Configure Authentication and Encryption Settings

The VPN gateways at each site must authenticate each other before the tunnel can form. Standard approaches include:

For encryption, IPsec negotiates the tunnel in two phases. Phase 1 handles authentication and key exchange between the gateways, typically using the IKEv2 protocol rather than the older IKEv1. Phase 2 sets up the encryption that protects the traffic crossing the tunnel, with AES-256 as the gold standard. These settings should align with your organisation's security policy and any regulatory requirements, which is particularly important for legal firms and financial advisers subject to the Data Protection Act 2018 and sector-specific rules.

Testing, Monitoring, and Optimisation

Once your site-to-site VPN is active, thorough testing is essential. Before fully deploying, verify:

Ongoing monitoring cannot be an afterthought. Many VPN failures go unnoticed for hours or days because nobody watches the tunnel status actively. Configure alerts on your VPN gateways or use network monitoring tools to notify your IT team immediately if a tunnel goes down or performance degrades unexpectedly.

For bandwidth-intensive activities—such as large file transfers between offices or real-time backup traffic—consider Quality of Service (QoS) rules that prioritise critical business traffic over less urgent data.

Common Pitfalls and How to Avoid Them

Most VPN implementation problems stem from a few recurring mistakes. Overlapping IP subnets cause traffic to be misrouted or dropped entirely; this is why that early audit matters. Misconfigured firewall rules often block VPN traffic accidentally, so ensure your perimeter firewalls are configured to permit the VPN protocols and ports your gateways use (typically UDP 500 and 4500 for IPsec).

Underestimating bandwidth is another common error. Many organisations provision a VPN link, then find it saturates unexpectedly during backup windows or high-volume document processing. Plan for peak traffic, not average usage.

Finally, security credentials—especially pre-shared keys—are sometimes shared via insecure channels or stored carelessly. Treat VPN credentials with the same rigour as database passwords, and rotate them regularly as part of your change management process.

A well-designed site-to-site VPN transforms how your distributed team collaborates, eliminating geographical barriers while maintaining robust security. Whether you're a growing professional services firm expanding beyond your original London base or an established advisory business managing multiple client engagement hubs, this infrastructure investment pays dividends in agility and defence. The technical foundations we've outlined here—proper planning, appropriate gateway selection, careful configuration, and diligent monitoring—form the basis of a reliable, future-proof inter-office network. Your next step is assessing your specific organisational needs and determining whether managed implementation support would accelerate your deployment timeline and reduce risk.
