Implement Network Access SSL VPN-Plus
Network Access SSL VPN-Plus allows remote users to access private networks. To set it up, you will need to configure several options, including an installation package that the user downloads and installs before accessing the network. To configure the Edge Services Gateway for Network Access SSL VPN-Plus, follow the steps below.
Add SSL VPN server settings for an NSX Edge Interface
Step 1. On your Edge Services Gateway, under SSL VPN-Plus, select Server Settings and then click Change.
Step 2. Specify an IPv4 (or IPv6) address, a port, a cipher list, and a server certificate, then hit OK. If you haven’t configured self-signed or CA certificates for the ESG, click here to create certificates. Otherwise, you can select the Use Default Certificate checkbox.
Create a VPN IP Pool
Add a Private Network
Add an Authentication Server
Add an Installation Package
Step 6. Click Installation Package, then click the + to add a new installation package. Specify the Gateway, the OS (Linux, Mac, or Windows, which is the default), the Status, and the Installation Parameters, then hit OK.
Create a VPN User
Enable SSL VPN Plus Service
Step 8. Last, enable the VPN service by clicking Dashboard -> Enable.
Step 9. Optional: You can add login or logoff scripts by clicking Login/Logoff Scripts, then clicking the + sign. Specify whether you want the script to run when a user logs in to the VPN, logs off the VPN, or both, as well as the script location.
To confirm that the VPN is working, you can console or RDP into the machine, and navigate to https://IP_of_edge/sslvpn-plus
Once you are logged in, you can download the PHAT client by clicking on the link:
Install the package, then navigate to the tray, right-click the VMware SSL VPN-Plus icon, and select Login. Then provide your credentials.
We can confirm this is working by using the “route print” command to show our routes. If you look closely, you will notice that I did not have a route to 172.16.10.0 before the VPN, but I have access to 172.16.10.0 after connecting to the VPN.
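The before/after comparison described above can be scripted. The following is an added example, not part of the original walkthrough: it parses saved "route print" output and reports which routes appeared after connecting, split into those inside the networks you configured and any others. The /24 mask for 172.16.10.0, the 10.10.10.0/24 VPN IP pool, and all sample rows are constructed assumptions.

```python
import ipaddress
import re

# One row of the IPv4 "Active Routes" table: destination, netmask, gateway, interface, metric.
IP = r"(\d+(?:\.\d+){3})"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+\d+\s*$")

def active_routes(route_print_output):
    """Parse `route print` text into a set of (network, interface_ip) tuples."""
    routes, in_active = set(), False
    for line in route_print_output.splitlines():
        if line.startswith("Active Routes:"):
            in_active = True
        elif line.startswith("Persistent Routes:"):
            in_active = False          # persistent rows use a different layout
        elif in_active and (m := ROW.match(line)):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            routes.add((net, m[4]))
    return routes

def added_by_vpn(before, after, expected_nets):
    """Return (expected, unexpected) networks that appear only after connecting."""
    allowed = [ipaddress.ip_network(n) for n in expected_nets]
    new = {net for net, _ in active_routes(after) - active_routes(before)}
    expected = sorted(str(n) for n in new if any(n.subnet_of(a) for a in allowed))
    unexpected = sorted(str(n) for n in new if not any(n.subnet_of(a) for a in allowed))
    return expected, unexpected

# Constructed sample output (addresses, masks and metrics are made up for the example).
TEMPLATE = """IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
{vpn_rows}Persistent Routes:
  None
"""
BEFORE = TEMPLATE.format(vpn_rows="")
AFTER = TEMPLATE.format(vpn_rows=(
    "       10.10.10.0    255.255.255.0          On-link       10.10.10.2    257\n"
    "      172.16.10.0    255.255.255.0       10.10.10.1       10.10.10.2      2\n"))

if __name__ == "__main__":
    ok, extra = added_by_vpn(BEFORE, AFTER, ["172.16.10.0/24", "10.10.10.0/24"])
    print("expected routes added:", ok)
    print("unexpected routes added:", extra)
```

To use it on a real client, save the output of "route print" to a file before and after logging in, and pass the two file contents in place of BEFORE and AFTER along with the private network and IP pool you configured on the Edge.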
Next, you will want to Implement Web Access SSL VPN-Plus.