Configuring SSL VPN-Plus

Updated by Anthony Hakim on May 17, 2018
Article Code: cpcovcf1045

Description

You have this new CenturyLink Private Cloud on VMware Cloud Foundation™ environment, but how do you securely connect to your servers? Some customers have the option of using a site-to-site VPN tunnel, MPLS, CNS, etc. If your company doesn't have these options available, follow the steps below to configure SSL VPN-Plus with the suggested settings, so that you can provide secure access to your environment.

Once you are done with this configuration, take a look at How to Securely Connect for the client portion of this.

Steps

  • Login to your CenturyLink Private Cloud on VMware Cloud Foundation environment.

    Login to CenturyLink Private Cloud on VMware Cloud Foundation

  • Once logged in, click Administration at the top.

    SSL VPN-Plus

  • Double-click your Org VDC to open.

    SSL VPN-Plus

  • In the org001-vdc page (your name may vary), click on the Edge Gateways tab, then right-click your tenant-edge-0, then select Edge Gateway Services... A new tab will open.

    SSL VPN-Plus

  • In the new Edge Gateway Services tab, click on the SSL VPN-Plus tab.

    SSL VPN-Plus

  • In the General Settings tab, enable Prevent multiple logon using same username. All other settings are left as default.

    SSL VPN-Plus

  • In the Client Configuration tab, all settings are left as default.

    SSL VPN-Plus

  • In the Users tab, create SSL VPN-Plus user accounts so that they can connect to download the SSL VPN-Plus client, and then in turn, connect to the SSL VPN. Create accounts by clicking the + and entering the relevant information. It is recommended that no shared accounts are created — this aligns with the setting in the General Settings tab as mentioned above.

    SSL VPN-Plus

  • The IP Pools tab allows you to create pools of IP addresses that will be assigned to the VPN clients that connect to the SSL VPN-Plus service. It is recommended that you add an IP Pool using addresses that don't exist in any network within your CenturyLink Private Cloud on VMware Cloud Foundation environment. Create IP Pools by clicking the + and entering the IP Range, Gateway and Netmask, at a minimum. You must also ensure the Status of the IP Pool is enabled.

    SSL VPN-Plus

  • In the Installation Packages tab, click the + to create a new SSL VPN-Plus client installation package. We recommend that you create one package for all OS types (Windows, Linux, Mac). The Gateway address is an IPv4 address that has been assigned as a Sub-Allocated IP Pool in the Edge Gateway Properties. This must be an IP address that is not used by anything else within your CenturyLink Private Cloud on VMware Cloud Foundation environment.

    SSL VPN-Plus

  • In the Private Networks tab, add the existing networks that have been defined, so that VPN clients can access the resources on those networks.

    SSL VPN-Plus

  • In the Server Settings tab, select the IPv4 address you assigned as the Gateway in the Installation Package, and enter the port number. You must also ensure Enabled has been selected.

    SSL VPN-Plus

  • In the Authentication tab, all settings are left as default.

    SSL VPN-Plus