More Thoughts


Make sure you avoid these common Business VPN pitfalls and discover the 3 top ways to improve your team's working remote working set-up.

The COVID-19 situation forced businesses globally to close their front doors. In many cases, office-based employees become full-time remote workers. IT departments felt a huge strain to provide the correct equipment and remote access to applications and services to enable normal business functions to continue whilst people were working from home. 

Of course, the need for remote working continues, whether pandemics, natural disasters, or a business choice to support more ongoing hybrid working arrangements.

executing BCPs

Business Continuity Plans are being executed and for many, this means setting up the correct secure access for users to access apps and services which are being hosted inside a business LAN (Local Area Network). To allow secure access, VPN (Virtual Private Network) is used.

Read more about Fine-Tuning Business Continuity Plans.

what does a business VPN do?

VPN technology uses a variety of different secure network protocols to create a secure encrypted tunnel to route traffic from machines and laptops across the public internet network into their business local networks. The result, users can access business apps and services which are hosted out of their businesses local networks from home or remotely without compromising security.

Although a proven method to access apps and services from home. There are many downfalls with this traditional architecture.

VPN 3.2 Main

security configurations

Client VPN configuration is a tedious task to set up and configure. In many instances, they aren’t set up with security in mind. Client machines require a headend device to communicate with, normally a firewall or router which is capable of performing VPN functions being hosted within the business local area network.

VPN profiles are configured to set up access on these headend devices to remote users, however, most profiles are set up to allow users total access into the environment. As a result, the user doesn’t necessarily have the appropriate security permissions and therefore there is no limit on what files or data among other things they can access on the businesses network.

VPN 3.2 Body
A high-level overview of a client VPN tunnel.

capacity planning & performance challenges

Capacity planning is required on the headend firewall or routers. As nearly all employees are now forced to work from home an enormous strain is put on these appliances to perform. Many businesses have not planned or expected for the rapid need to enable an entire workforce to work from home/remotely and in result, these appliances are being over-utilized, leading to degraded performance and poor user experience for remote workers.

licencing problems

Headend appliances, such as firewalls and routers, require a user count for licensing to enable client VPN functions. Many businesses will not have the appropriate licensing to allow all staff to access VPN remotely. This could cause an issue for remote workers and some users who try to connect will not be able to connect due to all the licenses being consumed by other remote users.

difficulty connecting

There can be complications with VPN connection establishment and there can be several factors which stop a successful VPN tunnel from establishing. For instance, upstream firewalls could be blocking essential ports required to establish the client VPN tunnel.

There could also be a secondary device performing the network address translation (NAT) above the VPN device could lead to double-NAT issues if the port forwarding rules are not created correctly.

Find out more about NATs.

Overall, there are an array of configuration and scalability issues that could arise with VPN being used for enabling a workforce to work remotely.

what can be done to solve VPN issues?

Although the traditional model of VPN client connectivity is still valid there are an array of options now available to overcome the headaches of traditional client VPN solutions. These are:

teleworker gateway solutions

The teleworker gateway solutions are normally built and designed appropriately. By using this solution, there is no need for a complex configuration of client VPN profiles, worrying about capacity planning or licensing on headend VPN appliances.

In addition, the majority of the leading teleworker solutions offer the ability to perform complex network functions such as NAT-Transversal and cloud management and monitoring to overcome complications that could arise from upstream devices stopping or preventing VPN tunnel establishments!

This video gives a great overview of a Cisco Meraki teleworker gateway device.

1. replace client VPN solutions with teleworker gateway solutions

Remote teleworker solutions are now available from most leading networking vendors. These solutions allow users to be provided with or shipped a piece of hardware which they plug into their home network. Once connected, a VPN tunnel is established automatically back to the businesses’ local area network. The users then plug directly into the unit or connect to the same wireless network they would as if they were in the office.

2. adopting cloud first ways of working

Migrating legacy applications and services to SaaS (Software as a service) applications can drastically change your businesses’ need to use VPNs. In some instances, it could remove the need to use VPNs at all. This is because instead of housing applications and services on-premise in your own data centre environment, they are instead cloud-based and accessible to authorised devices and users. In return removing the requirement of needing a VPN solution for your end-users to be able to access applications and services while working remotely.

Prime examples of cloud-based tools for working are Google Workspace and Microsoft 365. Both office suites are SaaS applications. The use of Google Workspace or Microsoft 365, removes the need for users to access business local networks over a VPN as files and documents are created, worked on, and stored in shared drives that are hosted in the cloud and enable secure remote access by default.

3. get remote working help

If you’re struggling to set up a remote workforce or not sure if your current solution is allowing for the best performance, security, or cost-savings results, we can help with remote working.

Our team has experience with network engineering, cloud transformation, and development solutions. Dynamo6 is committed to helping businesses adopt the right technologies and services to enable them to succeed.

Did you know that your Internet Explorer browser is out of date? To get the best experience on our website we recommend that you upgrade your browser.