Create SSL VPN-Plus Users in vShield Manager for vCloud Director Instance

July 15, 2015 Jordansphere vCloud Director

As of vCloud Director 5.5 organisational users are still unable to create SSL VPN client connections. Instead this has to be done via vShield Manager by an Administrator.

In this example the organisational network in the vDC is 192.168.5.0/24. I will give a static pool of 192.168.4.1 – 25 to the remote VPN users.

The first task is to log into your vShield Manager.

When inside the settings of the Edge Gateway, select Edges in the View drop-down box, then select Edge Gateways at the bottom. Then double click the desired Edge Gateway on the right hand side.

[Screenshot: ssl-setup-vpn3]

Next, with the SSL VPN service enabled, select VPN -> SSL VPN-Plus and then click Change on the right hand side. In the drop down list choose the IP address you want to apply the SSL connection to and select a port (in this case it is 8443) and also the Cipher. You can also install your own SSL certificate if required.

[Screenshot: ssl-setup-vpn1]

When complete click IP Pool -> then the + (plus) sign.

You will then be offered to insert an SSL VPN IP pool. In this example I am using 192.168.4.1 – 192.168.4.25 (25 users). This is the range of IPs your remote users will obtain. You can also use specific DNS servers and select a DNS suffix.

[Screenshot: ssl-setup-vpn2]

Next select Private Networks and click the + (plus) sign to create the network you are using internally. In this case I added 192.168.5.0/24. Other interesting options here include whether you want to send external traffic via the tunnel or split tunnel. You can also Enable TCP Optimization which enhances performance of TCP packets in the VPN tunnel. This is achieved by stripping the TCP headers and only sending data. You can also select the ports that can be accessed over the tunnel. Examples of this are RDP (3389) or SSH (22). This option can be left blank and the user can select firewall rules in the Edge Gateway via the vCloud Director portal.

[Screenshot: ssl-setup-vpn4]

The next step is Authentication. In this example I will just be using local users although you can use AD, LDAP, RADIUS or RSA-ACE. There are extra options as seen in the screenshot below:

[Screenshot: ssl-setup-vpn5]

The next category to configure is the Installation Package.

In this example I created a profile called Default. There are various options to select at the bottom regarding parameters for Windows – which you can toggle to your users' needs.

[Screenshot: ssl-setup-vpn6]

The last step is to click Users and add a local user.

[Screenshot: ssl-setup-vpn7]
There are other options like Portal Customization and Login/Logoff Scripts that you can tweak but the above settings should be enough to establish an SSL VPN connection.

When complete select Dashboard then click Enable on the right hand side. This should toggle the button to Disable.

If you are using vCloud Director you may also have to ensure traffic is allowed from the IP Pool (192.168.4.1 – 25) you defined earlier to the internal network of the vCloud Director Organization (192.168.5.0/24).  Log into your vCloud Director portal, navigate to your vShield Edge device and add a rule to allow (in this case) HTTP traffic from the VPN range to the internal network.
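As an added example (not part of the original post, and not a vShield Manager feature), here is a small Python check of the values configured above to run before clicking Enable: it confirms the IP pool does not overlap the private network, that the pool is large enough for the expected number of users, and it spells out the Edge firewall rule the pool needs. The check logic and the `expected_users` field are assumptions of this example.

```python
import ipaddress
from typing import Dict, List

# Settings taken from the post: listener 8443, pool 192.168.4.1-25, net 192.168.5.0/24, HTTP allowed.
POST_CONFIG = {
    "port": 8443,
    "pool_start": "192.168.4.1",
    "pool_end": "192.168.4.25",
    "expected_users": 25,          # assumption: one pool address per concurrent user
    "private_networks": ["192.168.5.0/24"],
    "allowed_ports": [80],
}

def pool_addresses(first: str, last: str) -> List[ipaddress.IPv4Address]:
    """Expand a first/last address pair (as entered in IP Pool) into a list."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("pool end address is before pool start address")
    return [ipaddress.IPv4Address(i) for i in range(int(start), int(end) + 1)]

def check_sslvpn_config(cfg: Dict) -> List[str]:
    """Return the problems found; an empty list means the settings look sane."""
    problems: List[str] = []
    pool = pool_addresses(cfg["pool_start"], cfg["pool_end"])
    # A pool address that also lives in a private network collides with an
    # internal host once the client connects.
    for net in map(ipaddress.IPv4Network, cfg["private_networks"]):
        clash = [str(a) for a in pool if a in net]
        if clash:
            problems.append(f"pool overlaps private network {net} (e.g. {clash[0]})")
    # One pool address per concurrent user.
    if len(pool) < cfg["expected_users"]:
        problems.append(f"pool has {len(pool)} addresses for {cfg['expected_users']} users")
    if not 1 <= cfg["port"] <= 65535:
        problems.append(f"invalid listener port {cfg['port']}")
    # Leaving the private network ports blank allows every port over the
    # tunnel; the post then relies on an Edge firewall rule to narrow it.
    if not cfg["allowed_ports"]:
        problems.append("no port restriction on private network; add an Edge firewall rule")
    return problems

def edge_firewall_rule(cfg: Dict) -> Dict:
    """Describe the allow rule the post adds in the vCloud Director portal."""
    return {
        "source": f"{cfg['pool_start']}-{cfg['pool_end']}",
        "destination": cfg["private_networks"],
        "ports": cfg["allowed_ports"] or ["any"],
        "action": "allow",
    }
```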

[Screenshot: ssl-setup-vpn8]

That should complete the process. Click http://www.jordansphere.co.uk/connect-to-vcl…-using-ssl-vpn for how to install and connect the SSL VPN-Plus client to the vShield Edge.