How to set up Edge Gateway SSL VPN-Plus


This guide will show you one of the ways to configure the SSL VPN-Plus functionality on an edge gateway.


Although this guide uses a local authentication server, SSL VPN-Plus supports other authentication types, such as AD, LDAP, RADIUS and RSA-ACE.

How to

Create an edge gateway

1. Log in to the Performance Cloud portal.


2. Click on your virtual datacenter.


PCv2 Edge Gateway SSL VPN_1


3. Go to Networking Edges


PCv2 Edge Gateway SSL VPN_2


4. Select your edge gateway and click SERVICES


PCv2 Edge Gateway SSL VPN_3

Configure server settings

1. Go to the SSL VPN-Plus tab


PCv2 Edge Gateway SSL VPN_4


2. Go to the Server Settings tab and configure the following:

  • Enable the SSL VPN server
  • Configure the public IP address of the edge gateway
  • Configure the desired port (443 in this example, but it could be different)
  • Configure Cipher List (could be different than the example, as per your choice)
  • The logging policy and server certificate can be left on default (could be different, as per your choice)


PCv2 Edge Gateway SSL VPN_5


3. Click Save changes


PCv2 Edge Gateway SSL VPN_6


4. Go to the IP Pool tab


5. Click Create New IP Pool

Note: We are going to use the network, but you can choose a different private IP pool according to your requirements. Note that in the example we also decided to use the IP range to and to use OpenDNS servers.


PCv2 Edge Gateway SSL VPN_7

PCv2 Edge Gateway SSL VPN_8

PCv2 Edge Gateway SSL VPN_9


6. Go to the Private Networks tab


7. Create private networks to give access to your Performance Cloud powered by VMware network. In this example, we give access to our VNET-DLapointe ( network:


PCv2 Edge Gateway SSL VPN_10

PCv2 Edge Gateway SSL VPN_11


  • Click “+” to add a new network
  • Network: Your network in Performance Cloud powered by VMware
  • Description: Virtual network description
  • Send Traffic: Over Tunnel
  • Enable TCP Optimization: Enabled
  • Ports: Leave blank
  • Status: Enabled


PCv2 Edge Gateway SSL VPN_12

PCv2 Edge Gateway SSL VPN_13


8. We are now ready to configure authentication. In this example, we use the local server authentication (the only possibility in the GUI at this moment).

Note that LDAP, AD, RADIUS and RSA-ACE authentication server can be configured in the backend by our support team. If you would like to use one of these authentication server types, please contact our support team with the information for your authentication server.


Example of required details to provide our support team for AD authentication:

  • IP address of the AD server
  • Search base (OU containing users that will access SSL VPN, for example)
  • Bind DN (user used to connect to the AD/Service account):
  • Bind password (the bind DN user password):
  • Login attribute name: (if different than sAMAccountName)
  • Search filter: (if different than objectClass=*)


PCv2 Edge Gateway SSL VPN_14


Example of required details to provide our support team for RADIUS authentication:

  • IP address of the RADIUS server
  • Port (if different than default port 1812)
  • Secret key


PCv2 Edge Gateway SSL VPN_15


You can skip the local authentication setup and jump to step 13


To configure a local server authentication, go to the Authentication tab.


PCv2 Edge Gateway SSL VPN_16


  • Click on “+ Local


PCv2 Edge Gateway SSL VPN_17




PCv2 Edge Gateway SSL VPN_18


  • STATUS: Enabled


PCv2 Edge Gateway SSL VPN_19

PCv2 Edge Gateway SSL VPN_20


9. Go to the Installation Packages tab.


PCv2 Edge Gateway SSL VPN_21


10. Click “+” to create a new installation package:

  • Profile Name: Give it a name
  • Gateway: Configure your gateway from where people will download the package. It can even be an external DNS host name.
  • Create installation packages for: Windows is enabled by default and can’t be checked. You have the options for Linux and Mac.
  • Description: Give a description to the package.
  • Enabled: Enable
  • Installation Parameters for Windows: Enable feature according to your requirements


PCv2 Edge Gateway SSL VPN_22

PCv2 Edge Gateway SSL VPN_23

PCv2 Edge Gateway SSL VPN_24


11. Go to the Client Configuration tab

Tunneling mode In split tunnel mode, only the VPN flows through the NSX Edge Gateway. In full tunnel mode, the NSX Edge Gateway becomes the remote user’s default gateway and all traffic (VPN, local, and internet) flows through this gateway.

  • Tunneling mode: Split
  • Enable auto reconnect: Enabled
  • Client upgrade notification: Enabled


PCv2 Edge Gateway SSL VPN_25


12. Go to the Users tab (only required if you are using Local Authentication)


PCv2 Edge Gateway SSL VPN_26


13. Create your users (only required if you are using Local Authentication):

  • Click “+
  • Enter user information


PCv2 Edge Gateway SSL VPN_27

PCv2 Edge Gateway SSL VPN_28

PCv2 Edge Gateway SSL VPN_29


14. Go to the General Settings tab


15. Settings can be left on default (customize as per your requirements)


PCv2 Edge Gateway SSL VPN_30


16. Go to the Firewall tab and make sure the firewall rule was automatically added to permit the Installation Package to be downloaded.


PCv2 Edge Gateway SSL VPN_31


17. If not done already, make sure you have a firewall rule that permits the traffic of the chosen IP pool ( For this example, we configured it so it can’t reach any destination. It can, however, be more restrictive, if required.


PCv2 Edge Gateway SSL VPN_32

Test the SSL VPN-Plus

1. Log in to your gateway IP with the specified port. In this example, we used default 443. You will automatically get redirected to the login page.


PCv2 Edge Gateway SSL VPN_33


2. Log in with your user (local user for this example, but if another authentication method such as AD is used, log in using your AD credentials).


PCv2 Edge Gateway SSL VPN_34


3. Click on the SSL-VPN-Plus Package to download the client


PCv2 Edge Gateway SSL VPN_35


4. Click on "click here" to download the installer


PCv2 Edge Gateway SSL VPN_36


5. Once the package is downloaded, extract the zip file and double-click the installer


PCv2 Edge Gateway SSL VPN_37


6. Click Yes to install the client


PCv2 Edge Gateway SSL VPN_38

PCv2 Edge Gateway SSL VPN_39


7. Once installed, double-click the desktop icon (if you decided to enable the desktop icon). Otherwise, you can right-click the client and click Login from the taskbar.


PCv2 Edge Gateway SSL VPN_40

PCv2 Edge Gateway SSL VPN_41


  • Click Login
  • Accept certificate alert


PCv2 Edge Gateway SSL VPN_42


  • Enter your credentials


PCv2 Edge Gateway SSL VPN_43

PCv2 Edge Gateway SSL VPN_44


  • You have options on the SSL VPN-Plus Client icon at the bottom right of your screen


PCv2 Edge Gateway SSL VPN_45


8. You now have a new Ethernet adapter on your machine.


PCv2 Edge Gateway SSL VPN_46


9. You can perform a ping test to your previously configured private network ( in this example):


PCv2 Edge Gateway SSL VPN_47


Note: If your ping is unsuccessful, make sure that the firewall on the edge gateway is properly configured. Also make sure the remote machine firewall allows ping traffic.