For companies who can’t—or just don’t—host all of their information and applications in the public cloud, VPNs are a gateway to business-critical resources that employees need to do their jobs when they’re not in the office.
Since we’re in the middle of a global pandemic, most of us can’t go into our offices. But bills still need to be paid, customers still need to be contacted, and internal resources like line of business applications need to be accessed.
As a result, you may be monitoring and managing an unprecedented number of remote VPN users who, for the most part, are using new and potentially unfamiliar technology. Problems are bound to arise. Here’s what you need to know in order to put out fires from a distance.
What’s a VPN?
VPNs (virtual private networks) create an encrypted tunnel between a user’s computer and a remote network.
In most VPN scenarios, a user will manually start a VPN client and authenticate themselves with a username and password. The VPN client then creates the encrypted tunnel between the user and a remote network, giving them access to privately hosted applications and resources on the network.
To give users remote access to a network, a VPN client will use one of two security protocols to create an encrypted tunnel: IPsec or SSL. The two protocols provide secure remote access, but they’re fundamentally different in how they do so.
IPsec requires that you install and configure a VPN client on each individual device, and keep the software updated. With IPsec, each device then has direct access to the complete central company network.
SSL, on the other hand, can be much simpler to use. In the simplest form, commonly referred to as an SSL VPN portal, the VPN is browser-based and doesn’t require a special software install. The SSL VPN portal also only gives users access to specific applications and not the entire network. More commonly, SSL VPN clients also give users a full IPsec-style experience, with access to the whole network. But thanks to ease of setup and the ability to restrict access, SSL VPNs are the more popular of the two options.
It’s important to note that VPNs—whether they’re IPsec or SSL—can also be categorized as remote access VPNs or site-to-site VPNs, but we’re only talking about remote access VPNs here.
When you’re supporting VPN users, there are three common types of problems that will eventually come up: setup, capacity, and performance.
Common VPN setup issues
As you set up workers with a VPN en masse, you’ve likely been asked “How do I install a VPN client?” or “Is my VPN client set up correctly?” dozens of times.
While the initial wave of these questions is over (we hope!), it’s always good to have a canned answer or a shareable resource in your back pocket. Here are a few we’ve found helpful:
Managing VPN capacity issues
Once users are successfully set up, your next batch of problems may be caused by a firewall at capacity. Firewalls usually license VPNs by the number of concurrent VPN sessions allowed. Some firewalls also have a practical maximum limit for VPN sessions based on the hardware’s capacity.
If the number of users trying to connect to a firewall through a VPN exceeds the license count or maxes out the hardware limit, they won’t connect successfully and won’t be able to access the business-critical applications hosted on the network.
But Auvik has you covered on monitoring and managing VPN capacity issues. Without any manual setup, you can now quickly and easily monitor and report on SSL VPN sessions across multiple firewall vendors and multiple sites.
Having data on real-time VPN usage at your fingertips eliminates hours you’d otherwise have to spend manually collecting the data one device at a time. Plus, four alerts automatically notify you when sessions reach—or surpass—defined thresholds:
- The number of SSL VPN sessions has maxed out
- There’s a high number of SSL VPN sessions in use
- There’s a low number of available SSL VPN sessions
- There’s a high percentage of SSL VPN sessions in use
With this info, you can proactively add VPN session capacity by purchasing more VPN licenses or upgrading the firewall hardware. (Also check with the firewall’s vendor to see if they’re offering free additional licenses for a limited time—many of them are during the pandemic.)
By making changes to the network before capacity becomes an issue, you can avoid frustrated users bombarding you with tickets and ensure the business continues to run productively.
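The four alert conditions listed above can be evaluated from three numbers per firewall: active sessions, the licensed session count, and the hardware limit. The following is an added example, not Auvik's code; the threshold values, firewall names, and session counts are constructed for illustration.

```python
from typing import NamedTuple

# Thresholds are assumptions for this example, not vendor defaults.
HIGH_IN_USE = 200      # absolute number of sessions in use
LOW_AVAILABLE = 10     # sessions still free
HIGH_PERCENT = 80.0    # percent of usable capacity in use

class Firewall(NamedTuple):
    name: str
    active: int        # concurrent SSL VPN sessions right now
    licensed: int      # sessions allowed by the license
    hardware_max: int  # practical limit of the hardware

def capacity(fw):
    """Usable sessions: whichever limit (license or hardware) is hit first."""
    return min(fw.licensed, fw.hardware_max)

def evaluate(fw):
    """Return the alert conditions from the list above that currently hold."""
    cap = capacity(fw)
    available = max(cap - fw.active, 0)
    percent = 100.0 * fw.active / cap if cap else 100.0
    alerts = []
    if fw.active >= cap:
        alerts.append("maxed_out")
    if fw.active >= HIGH_IN_USE:
        alerts.append("high_in_use")
    if available <= LOW_AVAILABLE:
        alerts.append("low_available")
    if percent >= HIGH_PERCENT:
        alerts.append("high_percent")
    return alerts

# Constructed sample readings from four sites.
SAMPLES = [
    Firewall("hq-fw", 250, 250, 500),      # license is the bottleneck
    Firewall("branch-fw", 42, 50, 100),    # small site, nearly full
    Firewall("dr-fw", 5, 100, 25),         # hardware is the bottleneck
    Firewall("lab-fw", 210, 1000, 1000),   # busy, but plenty of headroom
]

def report(samples):
    return {fw.name: evaluate(fw) for fw in samples}

if __name__ == "__main__":
    for name, alerts in report(SAMPLES).items():
        print(name, ", ".join(alerts) or "ok")
```

The sample shows why absolute and relative alerts are both useful: the small branch firewall trips the percentage and low-availability alerts at 42 sessions, while the large lab firewall trips only the absolute count at 210.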
Troubleshooting network performance issues
Once users are successfully set up with a VPN and capacity is dealt with, performance problems that are typical on any network are next to crop up—things that aren’t loading fast enough, for example. These issues often point to problems with device, network, or application performance and not necessarily VPN performance.
A number of culprits could be behind the issue—the device throughput may be maxed out, the device may be outdated and overwhelmed, or someone may be using up all the bandwidth.
Troubleshooting poor device performance is something Auvik has always been able to help with. If you’ve ruled out missteps during VPN setup or capacity bottlenecks as the culprit behind a VPN user’s issue, here are some resources to explore:
- 3 Minor Network Alerts You Shouldn’t Ignore
- How to Solve Network Cases Like a Super Sleuth With Auvik TrafficInsights™
- Network Monitoring: How to Handle High CPU Utilization Alerts
- Packet Errors, Packet Discards, and Packet Loss: What’s the Difference?
- I Can’t Access My Network Device! What Do I Do?
Interested in learning more about Auvik’s VPN monitoring? If you’re a current Auvik customer, the Auvik Knowledge Base tells you how to get started. If you aren’t using Auvik yet, you can try it (including the full VPN monitoring capabilities) free for 14 days.