This article shows how to configure SSL VPN-Plus on an NSX Edge in vCloud Director.

Below you can find the specifics of my lab setup:

  • Organization: vBlog.nl
  • Org VDC: Org-VDC-vBlog.nl-01
  • NSX Edge: Edge-Org-VDC-vBlog.nl-01
  • Public IP: 5.39.172.xxx
  • LAN / Local network: 192.168.100.254/24
  • VPN network: 10.10.10.0/24

The steps we need to take to configure SSL VPN-Plus are:

  1. Configure an authentication server
  2. Set up the VPN server
  3. Define the LAN / Local network
  4. Configure an installation package
  5. Set up an IP pool to assign IP addresses to the VPN users
  6. Add VPN user(s)
  7. Configure the firewall
  8. Test the SSL VPN connection

Let’s start configuring the NSX Edge!

Open the Org VDC with the NSX Edge you want to configure for SSL VPN-Plus
Navigate to Edges > Select the NSX Edge and choose Services

Configure an authentication server

Navigate to SSL VPN-Plus > Authentication and choose Local

Set up the SSL VPN server

Navigate to SSL VPN-Plus > Server settings > Toggle Enabled > Select the Public IP and Port for SSL VPN > Choose AES-256-SHA and choose Save Settings in the yellow bar.

Define the LAN / Local network

Navigate to Private Networks and choose the Plus sign to define your local networks
Choose Save settings in the yellow bar before we continue to the next steps.

Configure an installation package

Head over to the Installation Packages section and choose the Plus sign.

Set up an IP pool

Navigate to IP Pools and choose the Plus sign

Add VPN users

Navigate to Users and choose the Plus sign
Add your user(s) and choose Keep
A new firewall rule for the public portal will be automatically created

Configure the firewall

Navigate to Grouping Objects and choose the Plus sign
Add a new firewall rule to allow traffic coming from the SSL VPN subnet to the LAN subnet using the IP sets we just created.
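
An added example (not from the original article or from VMware): a small Python check of this lab's address plan and of the scope of the VPN-to-LAN firewall rule, using the LAN and VPN networks listed in the lab setup. The rule dictionaries are a constructed, hypothetical layout, not an NSX or vCloud Director export format.

```python
import ipaddress

# Addresses from the lab setup in this article.
LAN_GATEWAY = "192.168.100.254/24"  # Edge address on the LAN / Local network
VPN_POOL = "10.10.10.0/24"          # VPN network handed out by the IP pool


def plan_issues(lan_gateway, vpn_pool):
    """Return problems in the address plan (empty list means none found)."""
    lan = ipaddress.ip_interface(lan_gateway).network
    pool = ipaddress.ip_network(vpn_pool)
    issues = []
    if pool.overlaps(lan):
        issues.append(f"VPN pool {pool} overlaps LAN {lan}")
    if not pool.is_private:
        issues.append(f"VPN pool {pool} is not private address space")
    return issues


def rule_issues(rule, lan_gateway, vpn_pool):
    """Flag anything in an allow rule that is wider than VPN pool -> LAN."""
    limits = {
        "source": ipaddress.ip_network(vpn_pool),
        "destination": ipaddress.ip_interface(lan_gateway).network,
    }
    issues = []
    for side, limit in limits.items():
        for member in rule[side]:
            if member == "any":
                issues.append(f"{rule['name']}: {side} is 'any'")
                continue
            net = ipaddress.ip_network(member, strict=False)
            if not net.subnet_of(limit):
                issues.append(f"{rule['name']}: {side} {net} is not inside {limit}")
    return issues


# Constructed sample rules; the dict layout is an assumption, not an NSX export.
SCOPED = {"name": "sslvpn-to-lan", "source": ["10.10.10.0/24"],
          "destination": ["192.168.100.0/24"]}
TOO_WIDE = {"name": "sslvpn-to-any", "source": ["10.0.0.0/8"],
            "destination": ["any"]}

if __name__ == "__main__":
    for rule in (SCOPED, TOO_WIDE):
        found = plan_issues(LAN_GATEWAY, VPN_POOL) + rule_issues(rule, LAN_GATEWAY, VPN_POOL)
        print(rule["name"], "OK" if not found else found)
```
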

Test the SSL VPN connection

Use your browser to navigate to your new SSL VPN-Plus portal and log in
Download and install the VPN client
Open the VMware SSL VPN-Plus client and choose Connect

And we’re done configuring SSL VPN-Plus in vCloud Director.
Now you can browse, ping, RDP, SSH, etc. to the machines in your LAN subnet!
