Implement Network Access SSL VPN-Plus
Network Access SSL VPN-Plus allows remote users to access private networks. To set it up, you will need to configure several options, including an installation package that the user downloads and installs before accessing the network. To configure the Edge Services Gateway for Network Access SSL VPN-Plus, follow the steps below.
Add SSL VPN server settings for an NSX Edge Interface
Step 1. On your Edge Services Gateway, under SSL VPN-Plus, select Server Settings and then click Change.
Step 2. Specify an IPv4 (or IPv6) address, a port, a cipher list, and a server certificate, then hit OK. If you haven’t configured self-signed or CA certificates for the ESG, click here to create certificates. Otherwise, you can select the Use Default Certificate checkbox.
Create a VPN IP Pool
Step 3. Click on IP Pool, then click the + sign to add a new IP pool for the users. You will need to specify an IP Range, Netmask, and Gateway, then click OK.
Add a Private Network
Step 4. Click on Private Networks, then click the + sign to add a private network. Specify your Network (CIDR), Send Traffic, TCP Optimization, Ports, and Status, then click OK.
Add an Authentication Server
Step 5. Click on Authentication, then the + sign, to add a new Authentication Server. Specify the Password Policy and lockout policy, then hit OK.
Add an Installation Package
Step 6. Click Installation Package, then click the + to add a new installation package. Specify the Gateway, the OS (Linux, Mac, or Windows, which is the default), the Status, and the Installation Parameters, then hit OK.
Create a VPN User
Step 7. Click on Users, then hit the + sign to add new users for VPN access. Specify the User ID, Password, Name, Password Details, and Status, then click OK.
Enable SSL VPN Plus Service
Step 8. Lastly, enable the VPN service by clicking on Dashboard -> Enable.
Step 9. Optional: you can add login or logoff scripts by clicking on Login/Logoff Scripts, then clicking the + sign. Specify whether you want the script to run when a user logs in to the VPN, logs off the VPN, or both, as well as the script location.
To confirm that the VPN is working, you can console or RDP into the machine and navigate to https://IP_of_edge/sslvpn-plus
Once you are logged in, you can download the PHAT client by clicking on the link:
Install the package, then navigate to the tray, right-click on the VMware SSL VPN-Plus icon, and select Login. Then provide your credentials.
We can confirm this is working by using the “route print” command to show our routes. If you look closely, you will notice that I did not have a route to 172.16.10.0 before the VPN, but I have access to 172.16.10.0 after connecting to the VPN.
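The before/after route comparison described above can be scripted; the following is an added example, not part of the original post. It parses two saved "route print" captures, lists the routes the VPN added, and also reports whether the default route changed, which would mean all traffic now enters the tunnel rather than only the private network. The function names, the /24 mask on 172.16.10.0, and the 10.10.10.x and 192.168.1.x addresses are assumptions made for the constructed sample.

```python
import ipaddress
import re

# One row of the IPv4 "Active Routes" table printed by Windows `route print`:
# destination, netmask, gateway (or "On-link"), interface, metric.
IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return {network: (gateway, interface)} for the IPv4 rows of `route print`."""
    routes = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, _metric = m.groups()
            # Simplification: one entry per destination network.
            routes[ipaddress.ip_network(f"{dest}/{mask}", strict=False)] = (gw, iface)
    return routes

def vpn_route_report(before, after, private_net):
    """Compare two captures taken before and after connecting the VPN client."""
    b, a = parse_routes(before), parse_routes(after)
    target = ipaddress.ip_network(private_net)
    default = ipaddress.ip_network("0.0.0.0/0")
    added = {n: v for n, v in a.items() if n not in b}
    return {
        "added": sorted(str(n) for n in added),
        # True when a route that appeared after login covers the private network.
        "private_net_routed": any(target.subnet_of(n) for n in added if n != default),
        # True when the default route differs, i.e. all traffic now uses the tunnel.
        "default_route_changed": b.get(default) != a.get(default),
    }

# Constructed sample captures (not taken from the original post).
HEADER = "Network Destination        Netmask          Gateway       Interface  Metric"
BEFORE = HEADER + """
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""
AFTER = BEFORE + """
      172.16.10.0    255.255.255.0       10.10.10.1      10.10.10.5      1
       10.10.10.0    255.255.255.0         On-link       10.10.10.5    257
"""

if __name__ == "__main__":
    print(vpn_route_report(BEFORE, AFTER, "172.16.10.0/24"))
```

To use it on a real client, save the output of "route print" to a file before and after logging in and pass the two file contents in place of the samples.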
Next, you will want to Implement Web Access SSL VPN-Plus.
2 Comments
Dear Sean,
I really like that every time your explanation is very clear, very good.
Here in the Installation Package part I can see the gateway as the Edge external interface "192.168.18.40" that the user will connect to from outside, but I think you can also put it as 172.16.31.1.
Also, I think there is no need for the Edge to be connected to the internet to download the client; I think it is included in the NSX OVA image.
BR
Mokhtar
In installation I have managed to select Linux; however, when I open https://IP_of_edge/sslvpn-plus I do not see the package to download the client.
Any suggestions?