Setup SSL VPN on Advanced Edge Gateway

SSL VPN allows clients to establish VPN connections from home or other remote locations into the hosted environment.

Prerequisite

Note: if you do not see 'SSL VPN-Plus' as a menu option in your Edge Gateway, please contact the vGRID support team.

Steps to set up SSL VPN

Log into vCloud Director - Tenant Portal

  1. Navigate to Networking > Edges menu
  2. Highlight your Edge Gateway and then click 'Configure Services'

Log into vCloud Director - Flex Portal

  1. Go to the Administration Tab
  2. Select the Virtual Datacenters section and open your Virtual Datacenter.
  3. Select the Edge Gateways Tab which will show you the Edge Gateway for your account.
  4. Right click the Edge Gateway to bring up the context menu and select Edge Gateway Services....

Go to SSL VPN-Plus > Authentication

Create or edit the local Authentication service, and define the password policy options that will be used

Go to SSL VPN-Plus > Server Settings

These are the settings for the VPN server

  1. Toggle the Enable button to ON
  2. Select the IP address of the Edge gateway which will be used as the VPN connection endpoint - should have (Primary) at the end
  3. Change the port (if required)
  4. Click 'Save changes'

Go to SSL VPN-Plus > Private Networks

This is the internal network range of your hosted servers, which clients will be connecting to.

Click the '+' button under SSL VPN-Plus Private Networks

Enter the IP range of the Private network

Enter a description (optional)

Click Keep

Go to SSL VPN-Plus > IP Pools

This is the network range that clients will be assigned when connecting. Avoid common IP ranges to ensure that subnets do not overlap.

Click the '+' button

Enter IP Range
Enter Netmask
Enter Gateway
Enter Description (optional)

Toggle Status to On

Advanced (optional)

Enter Primary DNS
Enter Secondary DNS
Enter DNS Suffix
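
The overlap check that the IP Pools step calls for, as an added example (not part of the original guide or of vCloud Director): it validates a proposed pool against your Private Networks and against a constructed list of common home-router ranges. The function name, the sample addresses and the list of common ranges are assumptions.

```python
import ipaddress

# Constructed list of ranges often used by home routers (assumption, extend as needed).
COMMON_HOME_RANGES = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "172.16.0.0/24"]


def check_ip_pool(range_start, range_end, netmask, gateway, private_networks,
                  common_ranges=COMMON_HOME_RANGES):
    """Return a list of problems found with a proposed SSL VPN-Plus IP pool."""
    problems = []
    start = ipaddress.ip_address(range_start)
    end = ipaddress.ip_address(range_end)
    gw = ipaddress.ip_address(gateway)
    # The pool subnet is defined by the gateway address and the netmask.
    pool_net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)

    if start > end:
        problems.append("IP range start is higher than its end")
    for label, addr in (("range start", start), ("range end", end)):
        if addr not in pool_net:
            problems.append(f"{label} {addr} is outside pool subnet {pool_net}")
    # Assumption: the gateway address is held by the Edge, so it must not be leased to a client.
    if start <= gw <= end:
        problems.append(f"gateway {gw} falls inside the client IP range")

    # The pool must not collide with the hosted networks the clients will reach.
    for cidr in private_networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if pool_net.overlaps(net):
            problems.append(f"pool subnet {pool_net} overlaps private network {net}")
    # Nor with ranges a client is likely to be using on its own LAN.
    for cidr in common_ranges:
        net = ipaddress.ip_network(cidr)
        if pool_net.overlaps(net):
            problems.append(f"pool subnet {pool_net} overlaps common client-side range {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    private = ["10.20.30.0/24"]
    for pool in (("192.168.1.10", "192.168.1.50", "255.255.255.0", "192.168.1.1"),
                 ("10.211.77.10", "10.211.77.50", "255.255.255.0", "10.211.77.1")):
        issues = check_ip_pool(*pool, private_networks=private)
        print(pool[0], "-", pool[1], "->", issues or "OK")
```
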

If you wish to use Full Tunnel rather than Split Tunnel:
Ensure that you have added the optional Advanced settings in your IP Pool
Go to SSL VPN-Plus > Client Configuration
- Change the Tunneling mode from Split Tunnel to Full Tunnel
- Enter the default gateway

Go to SSL VPN-Plus > Users

This section is where you create user accounts.
Click the '+' button

Enter the user name
Enter the password
Confirm the password

Enter First name (optional)
Enter Last name (optional)
Enter Description (optional)

Enable / disable options for the

Set your Password requirements.

Press Keep

Go to SSL VPN-Plus > Installation Packages

This allows you to set the options that will be used by the VPN Client.
Click the '+' button

Enter a profile name: this will be the name of the connection in the VPN Client
Enter the gateway address and port number: this is the endpoint that the VPN client will connect to
Tick each OS for which you require the VPN Client software (Windows is selected by default)

Enter a description (optional)

Select the options for Windows clients
 - Allow remember password
 - Enable silent mode installation
 - Hide SSL client network adapter
 - Hide client system tray icon
 - Create desktop icon
 - Enable silent mode operation
 - Server security certificate validation
Press Keep

Go to SSL VPN-Plus > General Settings

Adjust the settings as required

Go to Firewall tab

Confirm that the 'firewall' and 'sslvpn' rules have been added (as pictured below).

[Screenshot: SSLVPN-Setup-Server06]

Adjust the sslvpn rule to match the settings selected under 'SSL VPN-Plus > Server Settings' if they do not match.

Add a firewall rule to allow traffic between the IP Pool range & the server network

Add a firewall rule to allow traffic between the server network & the IP Pool range

If you require further assistance, please contact our Service Desk by emailing support@vgrid.nz