This article shows how to configure SSL VPN-Plus on an NSX Edge in vCloud Director.
Below you can find the specifics of my lab setup:
- Organization: vBlog.nl
- Org VDC: Org-VDC-vBlog.nl-01
- NSX Edge: Edge-Org-VDC-vBlog.nl-01
- Public IP: 5.39.172.xxx
- LAN / Local network: 192.168.100.254/24
- VPN network: 10.10.10.0/24
The steps we need to take to configure SSL VPN-Plus are:
- Configure an authentication server
- Set up the VPN server
- Define the LAN / Local network
- Configure an installation package
- Set up an IP pool to assign IP addresses to the VPN users
- Add VPN user(s)
- Configure the firewall
- Test the SSL VPN connection
Let’s start configuring the NSX Edge!


Configure an authentication server

- Enable the Password Policy > Adjust the Password Length, Characters, etc.
- Toggle Password should not contain user ID and define the Password Expiry policy
- Define the Retry Count, Duration and toggle Enabled

Set up the SSL VPN server

Define the LAN / Local network

- Configure your LAN / Local network
- Toggle Status and choose Keep

Configure an installation package

- Give a name to the package and define the Gateway IP and Port
- Add a description > Toggle Enabled > define Installation Parameters and choose Keep

Set up an IP pool

- Enter your IP range, Netmask and Gateway
- Toggle Status and configure your DNS settings

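A pre-flight check for the addressing entered in the LAN / Local network and IP pool steps, as an added example that is not part of the original article. The pool range and gateway values are constructed (the article only gives the VPN network 10.10.10.0/24), and the rules checked are assumptions about a sane plan, not NSX's own validation.

```python
import ipaddress


def check_sslvpn_plan(private_nets, pool_start, pool_end, netmask, gateway):
    """Return a list of problems in an SSL VPN-Plus addressing plan (empty = OK)."""
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    gw = ipaddress.ip_address(gateway)
    # strict=False: accept host bits, e.g. the article's "192.168.100.254/24".
    pool_net = ipaddress.ip_network(f"{pool_start}/{netmask}", strict=False)
    problems = []

    if start > end:
        problems.append("pool range start is above its end")
    if end not in pool_net:
        problems.append(f"pool end {end} is outside {pool_net}")
    for name, addr in (("pool start", start), ("pool end", end), ("gateway", gw)):
        if addr in (pool_net.network_address, pool_net.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    if gw not in pool_net:
        problems.append(f"gateway {gw} is outside {pool_net}")
    elif start <= gw <= end:
        problems.append(f"gateway {gw} lies inside the client range")

    # Assumed rule: clients must not get addresses that also live on the LAN,
    # otherwise routing between the tunnel and the private network is ambiguous.
    for net in private_nets:
        lan = ipaddress.ip_network(net, strict=False)
        if lan.overlaps(pool_net):
            problems.append(f"pool {pool_net} overlaps private network {lan}")
    return problems


if __name__ == "__main__":
    # LAN and VPN network are from the article's lab; range and gateway are constructed.
    good = check_sslvpn_plan(["192.168.100.254/24"],
                             "10.10.10.10", "10.10.10.100", "255.255.255.0", "10.10.10.1")
    print("article lab plan:", good or "OK")
    # Constructed bad plan: pool carved out of the LAN, gateway inside the range.
    bad = check_sslvpn_plan(["192.168.100.254/24"],
                            "192.168.100.10", "192.168.100.50", "255.255.255.0", "192.168.100.20")
    for p in bad:
        print("problem:", p)
```
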
Add VPN users



Configure the firewall

- IP Set for LAN
- IP Set for SSL VPN

Test the SSL VPN connection



And we’re done configuring SSL VPN-Plus in vCloud Director.
Now you can browse, ping, RDP, SSH, etc. to the machines in your LAN subnet!
Great article, thanks for that. But I have a question:
What does one need to do if he wants to allow full internet access for SSL VPN-Plus clients via the edge gateway?
How to configure firewall/NAT in full tunnel mode?
Is it possible to route all client traffic to internet via edge gateway?
Thanks
Have you ever seen issues with accounts with expired passwords not being able to reset the password through the client? Using AD Authentication Service.
Thanks.
Excellent guide, it was very helpful.