Configuring SSL VPN-Plus in vCloud Director

Posted on January 30, 2020

This article shows how configuring SSL VPN-Plus on an NSX Edge in vCloud Director is done.

Below you can find the specifics of my lab setup:

Organization: vBlog.nl
Org VDC: Org-VDC-vBlog.nl-01
NSX Edge: Edge-Org-VDC-vBlog.nl-01
Public IP: 5.39.172.xxx
LAN / Local network: 192.168.100.254/24
VPN network: 10.10.10.0/24

The steps we need to take to configure SSL VPN-Plus are:

Configure an authentication server
Setup the VPN server
Define the LAN / Local network
Configure an installation package
Setup an IP pool to assign IP addresses to the VPN users
Add VPN user(s)
Configure the firewall
Test the SSL VPN connection

Table of Contents

Let’s start configuring the NSX Edge!

Open the Org VDC with the NSX Edge you want to configure for SSL VPN-Plus

Navigate to Edges > Select the Edge and choose Services — Navigate to Edges > Select the NSX Edge and choose Services

Configure an authentication server

Navigate to SSL VPN-Plus > Authentication and choose Local

Enable the Password Policy > Adjust the Password Length, Characters, etc.

Enable the Password Policy > Adjust the Password Length, Characters, etc.

Setup the SSL VPN server

Navigate to SSL VPN-Plus > Server settings > Toggle Enabled > Select the Public IP and Port for SSL VPN > Choose AES-256-SHA and choose Save Settings in the yellow bar.

Define the LAN / Local network

Navigate to Private Networks and choose the Plus sign to define your local networks

Configure your LAN / Local network

Configure your LAN / Local network

Choose Save settings in the yellow bar before we continue to the next steps.

Configure an installation package

Head over to the Installation Packages section and choose the Plus sign.

Give a name to the package and define the Gateway IP and Port

Give a name to the package and define the Gateway IP and Port

Setup an IP pool

Navigate to IP Pools and choose the Plus sign

Enter your IP range, Netmask and Gateway

Enter your IP range, Netmask and Gateway

Add VPN users

Navigate to Users and choose the Plus sign

Add your user(s) and choose Keep

A new firewall rule will be automatically — A new firewall rule for the public portal will be automatically created

Configure the firewall

Navigate to Grouping Objects and choose the Plus sign

IP Set for LAN

IP Set for LAN

Add a new firewall rule to allow traffic coming from the SSL VPN subnet to the LAN subnet using the IP sets we just created.

Test the SSL VPN connection

Use your browser to navigate to your new SSL VPN-Plus portal and login

Download and install the VPN client

Open the VMware SSL VPN-Plus client and choose Connect

And we’re done configuring SSL VPN-Plus in vCloud Director.
Now you can browse, ping, RDP, SSH, etc. to the machines in your LAN subnet!

Check out our vCloud Director related articles here.
Check out our NSX related articles here.
Check out official VMware NSX documentation here.

5,660 total views, 23 views today

Share on Social Media

2 thoughts on “Configuring SSL VPN-Plus in vCloud Director”

Radek says:
April 11, 2020 at 1:21 pm
Great article, thanks for that. But I have a question:
What do one needs to do if he wants to allow full internet access of ssl vpn-plus clients via edge gateway?
How to configure firewall/NAT in full tunnel mode?
Is it possible to route all client traffic to internet via edge gateway?
Thanks
Reply
Lawrence says:
September 2, 2021 at 4:04 pm
Have you ever seen issues with accounts with expired passwords not being able to reset the password through the client. Using AD Authentication Service.
Thanks.
Reply

Leave a Reply Cancel reply

VMware Cloud Provider Blog

Confidential Computing, Part 2: The Technical Bits
by John Manferdelli on December 6, 2022 at 9:10 am
Part 1 of this series on Confidential Computing introduced the basic concepts and benefits of this emerging architecture for cloud computing. In this segment, we’ll dive deeper into the inner workings of this architecture and take a peek at some of the implementation challenges. Confidential Computing aims to significantly change how data security in cloud computing … Continued The post Confidential Computing, Part 2: The Technical Bits appeared first on VMware Cloud Provider Blog.
Advanced Recovery Settings and More Operational Improvements in VMware Cloud Director Availability 4.5
by Nikolay Patrikov on December 5, 2022 at 9:29 am
Along with the already announced enhancements to vSphere DR and Migration and the set of Provider-oriented features, VMware Cloud Director Availability 4.5 also brings some more operational improvements. Advanced Recovery Settings One of the most exciting new features is the new recovery settings menu that offers a complete set of replication customizations based on the VMware Cloud Director Guest … Continued The post Advanced Recovery Settings and More Operational Improvements in VMware Cloud Director Availability 4.5 appeared first on VMware Cloud Provider Blog.
Confidential Computing, Part 1: Tackling the Challenge of Multi-cloud, Distributed Security at Scale
by John Manferdelli on December 1, 2022 at 12:26 pm
In this three-part series, readers will learn all about Confidential Computing, an emerging standard for providing secure distributed security at scale. Though Confidential Computing environments provide obvious benefits, adoption and implementation barriers loom large. With the introduction of the open source Certifier Framework project by VMware, barriers to implementation diminish, putting the reality and benefits … Continued The post Confidential Computing, Part 1: Tackling the Challenge of Multi-cloud, Distributed Security at Scale appeared first on VMware Cloud Provider Blog.
New Features in VMware Cloud Director Availability 4.5 to Facilitate Cloud Provider Operations
by Nikolay Patrikov on November 30, 2022 at 1:50 pm
Simplicity and usability are key for a product to be successful. With every next release, we strive to deliver consistently new features that improve the overall experience for Cloud Providers and their tenants. VMware Cloud Director Availability 4.5 is no exception to that – we have plenty of new features focused on helping Cloud Providers deliver … Continued The post New Features in VMware Cloud Director Availability 4.5 to Facilitate Cloud Provider Operations appeared first on VMware Cloud Provider Blog.
Drive More Migration to Cloud with Our Updated 4.5 Migration Enhancements
by Nikolay Patrikov on November 28, 2022 at 3:31 pm
After enabling the dedicated VMware vSphere Clouds as a replication destination with the previous release, now we are pleased to present the major improvements that we did in VMware Cloud Director Availability 4.5. The new features cover several aspects – deployment, operability, and scalability. New Pairing When vSphere DR and Migration was first introduced in … Continued The post Drive More Migration to Cloud with Our Updated 4.5 Migration Enhancements appeared first on VMware Cloud Provider Blog.