Implement Network Access SSL VPN-Plus

 
Network Access SSL VPN-Plus allows remote users to access private networks. To set it up, you need to configure several options, including an installation package that the user downloads and installs before accessing the network. To configure the Edge Services Gateway for Network Access SSL VPN-Plus, follow the steps below.
 

Add SSL VPN server settings for an NSX Edge Interface

 
Step 1. On your Edge Services Gateway, under SSL VPN-Plus, select Server Settings and then click Change.
 
 
Step 2. Specify an IPv4 (or IPv6) address, a port, a cipher list, and a server certificate, then hit OK. If you haven't configured self-signed or CA certificates for the ESG, create certificates first. Otherwise you can select the Use Default Certificate checkbox.
 
 

Create a VPN IP Pool

 
Step 3. Click on IP Pool, then click the + sign to add a new IP pool for the users. You will need to specify an IP Range, Netmask, and Gateway, then click OK.
 
 

Add a Private Network

 
Step 4. Click on Private Networks, then click the + sign to add a private network. Specify your Network (CIDR), Send Traffic, TCP Optimization, Ports, and Status, then click OK.
 
 

Add an Authentication Server

 
Step 5. Click on Authentication, then the + sign to add a new Authentication Server. Specify the Password Policy and Lockout Policy, then hit OK.
 
 

Add an Installation Package

 
Step 6. Click Installation Package, then click the + to add a new installation package. Specify the Gateway, the OS (Linux, Mac, or Windows, which is the default), the Status, and the Installation Parameters, then hit OK.
 
 

Create a VPN User

 
Step 7. Click on Users, then hit the + sign to add new users for VPN access. Specify the User ID, Password, Name, Password Details, and Status, then click OK.
 
 

Enable SSL VPN Plus Service

 
Step 8. Last, enable the VPN service by clicking Dashboard -> Enable.
 
 
Step 9. (Optional) You can add login or logoff scripts by clicking Login/Logoff Scripts, then clicking the + sign. Specify whether the script should run when a user logs in to the VPN, logs off the VPN, or both, as well as the script location.
 
 
To confirm that the VPN is working, console or RDP into the machine and navigate to https://IP_of_edge/sslvpn-plus
 
 
Once you are logged in, you can download the PHAT client by clicking on the link:
 
 
Install the package, then go to the system tray, right-click the VMware SSL VPN-Plus icon, and select Login. Then provide your credentials.
 
 
We can confirm this is working by using the "route print" command to show our routes. If you look closely, you will notice that I did not have a route to 172.16.10.0 before the VPN, but I do have a route to 172.16.10.0 after connecting to the VPN.
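The before/after comparison above can be scripted rather than read by eye. The following is an added example, not part of the original post: it parses the IPv4 section of saved `route print` output and reports which routes appeared after login. The sample output, the client and pool addresses, and the /24 mask for 172.16.10.0 are constructed assumptions.

```python
import ipaddress
import re

# One row of the "IPv4 Route Table" in Windows `route print` output:
# Network Destination, Netmask, Gateway (or "On-link"), Interface, Metric.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)"
    r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)

def parse_routes(text):
    """Return the IPv4 active routes as a set of (network, gateway, interface)."""
    routes = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, IPv6 rows and persistent routes do not match
            dest, mask, gateway, iface, _metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.add((net, gateway, iface))
    return routes

def added_routes(before, after):
    """Routes present after connecting that were absent before."""
    return parse_routes(after) - parse_routes(before)

def tunnel_route_for(before, after, private_cidr):
    """Most specific newly added route that covers private_cidr, else None."""
    target = ipaddress.ip_network(private_cidr)
    hits = [r for r in added_routes(before, after) if target.subnet_of(r[0])]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

# Constructed sample output (addresses are assumptions, not from the post).
BEFORE = """IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""
AFTER = BEFORE + """      172.16.10.0    255.255.255.0          On-link       10.10.10.2     21
       10.10.10.0    255.255.255.0          On-link       10.10.10.2    276
"""

if __name__ == "__main__":
    for net, gw, iface in sorted(added_routes(BEFORE, AFTER), key=lambda r: str(r[0])):
        print(f"added: {net} via {gw} on {iface}")
    print("private network route:", tunnel_route_for(BEFORE, AFTER, "172.16.10.0/24"))
```

To use it on a real client, save `route print` output to a file before and after login and pass the two file contents in place of the samples.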
 
 
Next, you will want to Implement Web Access SSL VPN-Plus.
 

1 Comment

  1. mokhtar -  May 31, 2015 - 3:32 pm 123

    Dear Sean,
    Really like every time your explanation is very clear, very good.
    Here in the Installation Package part I can see the gateway as the Edge external interface "192.168.18.40" that the user will connect to from outside, but I think you can also put 172.16.31.1.
    Also I think there is no need for the Edge to be connected to the internet to download the client; I think it is included in the NSX OVA image.

    BR
    Mokhtar
