vBlog.nl

All about technology


Configuring SSL VPN-Plus in vCloud Director

Posted on January 30, 2020

This article shows how to configure SSL VPN-Plus on an NSX Edge in vCloud Director.

Below you can find the specifics of my lab setup:

  • Organization: vBlog.nl
  • Org VDC: Org-VDC-vBlog.nl-01
  • NSX Edge: Edge-Org-VDC-vBlog.nl-01
  • Public IP: 5.39.172.xxx
  • LAN / Local network: 192.168.100.254/24
  • VPN network: 10.10.10.0/24

The steps we need to take to configure SSL VPN-Plus are:

  1. Configure an authentication server
  2. Set up the VPN server
  3. Define the LAN / Local network
  4. Configure an installation package
  5. Set up an IP pool to assign IP addresses to the VPN users
  6. Add VPN user(s)
  7. Configure the firewall
  8. Test the SSL VPN connection

Let’s start configuring the NSX Edge!

Open the Org VDC with the NSX Edge you want to configure for SSL VPN-Plus
Navigate to Edges > Select the NSX Edge and choose Services

Configure an authentication server

Navigate to SSL VPN-Plus > Authentication and choose Local
  • Enable the Password Policy > Adjust the Password Length, Characters, etc.
  • Toggle Password should not contain user ID and define the Password Expiry policy
  • Define the Retry Count, Duration and toggle Enabled
Configure the Password Policy matching your needs

Set up the SSL VPN server

Navigate to SSL VPN-Plus > Server settings > Toggle Enabled > Select the Public IP and Port for SSL VPN > Choose AES-256-SHA and choose Save Settings in the yellow bar.

Define the LAN / Local network

Navigate to Private Networks and choose the Plus sign to define your local networks
  • Configure your LAN / Local network
  • Toggle Status and choose Keep
Add the local network(s) you want to be able to reach when connected to the VPN Server.
Choose Save settings in the yellow bar before we continue to the next steps.

Configure an installation package

Head over to the Installation Packages section and choose the Plus sign.
  • Give a name to the package and define the Gateway IP and Port
  • Add a description > Toggle Enabled > define Installation Parameters and choose Keep
Add a new installation package

Set up an IP pool

Navigate to IP Pools and choose the Plus sign
  • Enter your IP range, Netmask and Gateway
  • Toggle Status and configure your DNS settings
Configure the IP Pool with an IP range, Subnet, Gateway, etc., and choose Keep

Add VPN users

Navigate to Users and choose the Plus sign
Add your user(s) and choose Keep
A new firewall rule for the public portal will be automatically created

Configure the firewall

Navigate to Grouping Objects and choose the Plus sign
  • IP Set for LAN
  • IP Set for SSL VPN
Add a new IP Set for the LAN and SSL VPN subnet
Add a new firewall rule to allow traffic coming from the SSL VPN subnet to the LAN subnet using the IP sets we just created.
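
A pre-flight check for the IP pool and firewall steps above, as an added example that is not part of the original article or of any VMware tooling. The LAN and VPN networks come from the lab setup; the pool range, the gateway address and both function names are assumptions made for illustration.

```python
import ipaddress

def check_vpn_plan(lan_cidr, vpn_cidr, pool_start, pool_end, pool_gateway):
    """Return a list of problems in an SSL VPN-Plus addressing plan (empty = OK)."""
    problems = []
    # strict=False accepts interface notation such as 192.168.100.254/24.
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    vpn = ipaddress.ip_network(vpn_cidr, strict=False)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    gateway = ipaddress.ip_address(pool_gateway)

    # Overlap makes "local" and "tunnelled" destinations ambiguous.
    if lan.overlaps(vpn):
        problems.append(f"VPN network {vpn} overlaps LAN {lan}")
    for label, addr in (("pool start", start), ("pool end", end), ("gateway", gateway)):
        if addr not in vpn:
            problems.append(f"{label} {addr} is outside {vpn}")
        elif addr in (vpn.network_address, vpn.broadcast_address):
            problems.append(f"{label} {addr} is not a usable host address")
    if start > end:
        problems.append(f"pool start {start} is above pool end {end}")
    elif start <= gateway <= end:
        problems.append(f"gateway {gateway} is inside the client range")
    return problems

def rule_is_scoped(source, destination, lan_cidr, vpn_cidr):
    """True when an allow rule admits only VPN-pool sources to LAN destinations."""
    def as_net(value):
        # Treat the firewall keyword "any" as the whole IPv4 space.
        return ipaddress.ip_network("0.0.0.0/0" if value.lower() == "any" else value, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    vpn = ipaddress.ip_network(vpn_cidr, strict=False)
    return as_net(source).subnet_of(vpn) and as_net(destination).subnet_of(lan)

if __name__ == "__main__":
    LAN, VPN = "192.168.100.254/24", "10.10.10.0/24"   # from the lab setup
    # Pool range and gateway are constructed sample values.
    print(check_vpn_plan(LAN, VPN, "10.10.10.10", "10.10.10.50", "10.10.10.1"))
    print(rule_is_scoped("10.10.10.0/24", "192.168.100.0/24", LAN, VPN))
    print(rule_is_scoped("any", "192.168.100.0/24", LAN, VPN))
```

An empty list from `check_vpn_plan` means the plan passed every check; `rule_is_scoped` returns False for a rule whose source or destination is wider than the two IP sets.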

Test the SSL VPN connection

Use your browser to navigate to your new SSL VPN-Plus portal and log in
Download and install the VPN client
Open the VMware SSL VPN-Plus client and choose Connect

And we’re done configuring SSL VPN-Plus in vCloud Director.
Now you can browse, ping, RDP, SSH, etc. to the machines in your LAN subnet!

Check out our vCloud Director related articles here.
Check out our NSX related articles here.
Check out official VMware NSX documentation here.


2 thoughts on “Configuring SSL VPN-Plus in vCloud Director”

  1. Radek says:
    April 11, 2020 at 1:21 pm

    Great article, thanks for that. But I have a question:
    What does one need to do if he wants to allow full internet access for SSL VPN-Plus clients via the edge gateway?
    How to configure firewall/NAT in full tunnel mode?
    Is it possible to route all client traffic to internet via edge gateway?

    Thanks

  2. Lawrence says:
    September 2, 2021 at 4:04 pm

    Have you ever seen issues with accounts with expired passwords not being able to reset the password through the client? Using AD Authentication Service.

    Thanks.
