What is a Nexcess site-to-site VPN tunnel?

    October 9, 2019

    A site-to-site VPN is an IPsec-based encrypted tunnel that links your Nexcess-hosted environment with a remote site.


    A site-to-site VPN is an IPsec-based encrypted tunnel that links your Nexcess-hosted environment to a remote site. A site-to-site VPN works by creating a secure, encrypted pathway between two locations. The communication occurs between the internal, private network at Nexcess and the external, private network at a client's remote site. This tunnel is used for communication with the Nexcess server and other administrative tasks, not for web browsing. You cannot access your website via a web browser over an IPsec tunnel.


    Depending on the application, if you have offices or fulfillment centers that need to communicate directly with Magento's administrator's interface, a site-to-site VPN may be useful. If you use non-encrypted protocols for data transfer, VPN can provide a secure these transfers. Clients using in-house payment processors or inventory management applications will also benefit from a VPN as their applications can communicate with Magento directly and securely.

    Developers wanting direct access to the file system for file uploads and downloads can also use this VPN for secure access.


    Your remote location must have a static IP address. Home broadband connections with dynamic IPs will not work because the tunnel will fail when the IP address changes. The remote connection also needs an IPsec-compatible VPN appliance. Most SOHO broadband routers and larger gateway and router hardware appliances support IPsec. Some other tunnel protocols such as PPTP are also not compatible. The VPN tunnel must be an IPsec tunnel.

    Your Nexcess-hosted site uses the Juniper Netscreen appliances and they generally have good compatibility with other vendors such as Cisco, Checkpoint, Zyxel, and Sonicwall. However, it is your responsibility to make sure your VPN device supports IPsec VPN tunnels. 

    Multiple tunnels are a possibility on our hardware. If you have more than one remote office, a tunnel can be created in each location, provided each location meets the necessary requirements.


    If you would like to purchase a site-to-site VPN, implement the requirements outlined above. Afterward, contact our support team so they make perform the installation. 

    For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Our award-winning customer care team is here for you.

    Contact Support