Implement Network Access SSL VPN-Plus

Network Access SSL VPN Plus allows remote users to access private networks. In order to do so, you will need to configure multiple different options, including adding an installation package that the user will download and install before accessing the network. To configure the Edge Services Gateway for Network Access SSL VPN-Plus, please follow the steps below.

Add SSL VPN server settings for an NSX Edge Interface

Step 1. On your Edge Services Gateway under SSL VPN-Plus select Server Settings and then click Change
Step 2. Specify an IPv4 (or IPv6) address, a port, a cipher list, and server certificate then hit OK. If you haven’t configured self signed or CA certificates for the ESG, click here to create certificates. Otherwise you can select the checkbox Use Default Certificate.

Create a VPN IP Pool

Step 3. Click on IP Pool then click the + sign to add a new IP pool for the users. You will need to specify a(n) IP Range, Netmask, and Gateway then click OK

Add a Private Network

Step 4. Click on Private Networks then click the + sign to add a private Network. Specify your Network (CIDR), Send Traffic, TCP Optimization, Ports, and Status then click OK

Add an Authentication Server

Step 5. Click on Authentication then the + sign to add a new Authentication Server. Specify the Password Policy and lockout policy then hit OK

Add an Installation Package

Step 6. Click Installation Package then click the + to add a new installation package. Specify the Gateway, OS (Linux, Mac, or Windows which is default) the Status and the Installation Parameters then hit OK

Create a VPN User

Step 7. Click on Users then hit the + sign to add new users for VPN access. Specify the User ID, Password, Name, Password Details and Status then click OK

Enable SSL VPN Plus Service

Step 8. Last you want to Enable the VPN Service by clicking on Dashboard -> Enable
Step 9. Optional You can add login or logoff scripts by clicking on Login/Logoff Scripts the clicking the + sign. Specify if you want the script to run when a user logs in to the VPN, off the VPN, or both, as well as the script location.
To confirm that the VPN is working, you can console or RDP into the machine, and navigate to https://IP_of_edge/sslvpn-plus
Once you are logged in, you can download the PHAT client by clicking on the link:
Install the package, then navigate to the tray and right click on the VMware SSL VPN-Plus icon and select Login. Then provide your credentials
We can confirm this is working, by using the “route print” command to show our routes. If you look closely, you will notice that I did not have a route to before the VPN, but I have access to after connecting to the VPN.
Next, you will want to Implement Web Access SSL VPN-Plus.


  1. mokhtar -  May 31, 2015 - 3:32 pm 123

    Dear Sean ,,
    Really like every time your explanation is very clear ,, very good
    here in installation Package part i can see gateway as Edge external interface ” 192.168. 18.40 ” that user will connect to it from outside but i think you can also put as
    also i think now need for edge to be connected to internet o download client i think it is included in NSX ova image ,


  2. niri -  October 21, 2017 - 1:50 pm 615

    In installation I have managed to select linux, however when i open https://IP_of_edge/sslvpn-plus i do not see the package to download the Client

    Any suggestions


Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top