Nexcess Logo

What is a Nexcess site-to-site VPN tunnel?

Knowledge Base Home

Notice anything different?

We've enhanced the appearance of our portal and we're working on updating screenshots. Things might look different, but the functionality remains the same.
September 10, 2019

A site-to-site VPN is an IPsec-based encrypted tunnel that links your Nexcess-hosted environment with a remote site.


A site-to-site VPN is an IPsec-based encrypted tunnel that links your Nexcess-hosted environment to a remote site. A site-to-site VPN works by creating a secure, encrypted pathway between two locations. The communication occurs between the internal, private network at Nexcess and the external, private network at a client's remote site. This tunnel is used for communication with the Nexcess server and other administrative tasks, not for web browsing. You cannot access your website via a web browser over an IPsec tunnel.


Depending on the application, if you have offices or fulfillment centers that need to communicate directly with Magento's administrator's interface, a site-to-site VPN may be useful. If you use non-encrypted protocols for data transfer, VPN can provide a secure these transfers. Clients using in-house payment processors or inventory management applications will also benefit from a VPN as their applications can communicate with Magento directly and securely.

Developers wanting direct access to the file system for file uploads and downloads can also use this VPN for secure access.


Your remote location must have a static IP address. Home broadband connections with dynamic IPs will not work because the tunnel will fail when the IP address changes. The remote connection also needs an IPsec-compatible VPN appliance. Most SOHO broadband routers and larger gateway and router hardware appliances support IPsec. Some other tunnel protocols such as PPTP are also not compatible. The VPN tunnel must be an IPsec tunnel.

Your Nexcess-hosted site uses the Juniper Netscreen appliances and they generally have good compatibility with other vendors such as Cisco, Checkpoint, Zyxel, and Sonicwall. However, it is your responsibility to make sure your VPN device supports IPsec VPN tunnels. 

Multiple tunnels are a possibility on our hardware. If you have more than one remote office, a tunnel can be created in each location, provided each location meets the necessary requirements.


If you would like to purchase a site-to-site VPN, implement the requirements outlined above. Afterward, contact our support team so they make perform the installation. 

For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

Jason Dobry
We use cookies to understand how you interact with our site, to personalize and streamline your experience, and to tailor advertising. By continuing to use our site, you accept our use of cookies and accept our Privacy Policy.