VCIX-NV-22 – Implement Network Access SSL VPN-Plus and Web Access SSL VPN-Plus

Today's video is going to be about configuring and managing the logical virtual private network, or VPN. Before I do that, I am first going to show you the network setup that I established in order to test all elements of the VPN section. There are three different types of VPN connection that you can set up with NSX, or rather with the NSX Edge Services Gateway (ESG). One of them is the SSL VPN: you configure it, and then you can connect with a fat client or from a browser, from a Windows machine, a Linux machine or a Mac, towards the ESG, and from there on you can access your internal resources, for example this website. That's one VPN type. Another VPN type is the IPsec VPN, where we basically set up an IPsec VPN between an ESG and another ESG, or between an ESG and, for example, a Cisco device. This Cisco device has a loopback configured as 192.168.130.0/24, and the internal environment has a lot of networks; for example the database server network is going to be my specimen, where we are able to reach the network behind the Cisco router from the database server network, or the other way around. These are two different networks, as you can see, and that's the reason why we should have an IPsec VPN. The other type of VPN is the Layer 2 VPN, where we have a server side and a client side. The idea of the Layer 2 VPN is basically that you stretch a VLAN or a VXLAN, or a VXLAN to a VLAN, so that the subnet is the same on both sides. You can see here this is a 192.168.12.0/24 subnet, and here you can see the same one, and the end goal will be that we are able to ping from this machine here to this application server here.

So let's start. This is my setup. Let's first of all start with generating the certificate, or basically creating a self-signed certificate by first generating a certificate signing request (CSR). As you can see here I have opened three tabs to move things along a little: this tab is the NSX environment, this one has all my machines open, and this one is the networking part where I have my switches. Let's start with NSX. You can see here in the Edges list that I have created two ESGs especially for this purpose: this one is going to be ESG-VPN-1 and this one is going to be ESG-VPN-2. Let's start with this one: go to Manage and you can see Certificates here. As you can see, I previously configured it. What I've done is generate a CSR; the common name is just a name that you type in here, and my common name was, I don't know what I named it, but the organization was "VCIX" something, I think. You just click Generate CSR, fill these things in, and once that's done this is the CSR; now you can see the configuration. Once that's done you basically go to Actions and Generate Self Signed Certificate, so a self-signed certificate based on this CSR. So that's that. There's also another thing that we need to do, and that's enabling logging; we need to be able to do that for the VCIX exam. You go to the IPsec VPN tab, and there you can see a logging policy. Here you check the box, and you can set it to all kinds of levels; I've just set it to Info. So to enable logging you simply check this box, set the logging level that you actually need, and you're off.

Now we are going to start with configuring the SSL VPN. It's already preconfigured, so I'm just going to show you what I've done. First there is something that I need to disable, and that's the Layer 2 VPN, because SSL VPN-Plus and the Layer 2 VPN server cannot run together. As this one is enabled here, I need to disable it first, because otherwise I will not be able to enable the SSL VPN service. OK, let's first start with the things that we need to set up. I told you I have previously configured it, so the service is disabled right now and I will enable it a little bit later. Let's go to Server Settings, and here you can see or change a bunch of things. The IPv4 address: this is just the uplink address that I have. If you go to Settings and Interfaces you can see I've created two interfaces here; this is the interface that's connected to my physical network. Let's go back, and you can see here that you can select that address, and that's why I selected this one. There's no IPv6 address. The port that I want to have it listen on is 443. Then the type of encryption (the cipher) that I want to use, and I want to use the default certificate. So I just hit OK here; now Cancel, because it's already configured. Once that's done you configure the IP pools. The IP pool is going to be the IP address range that the SSL VPN clients are going to get when they actually log in. My pool was 172.16.11.0, so as you can see here, let's go to IP Pools; I configured this, so let's go to Edit, and you can see my range is going to start from the .2 address until .10, so I have just a handful of clients that I can assign an IP address to. This is the netmask, I'm going to do /24, and this is a very important IP address here, because this is going to be the gateway where these clients, the SSL VPN clients, are going to connect to. So I've set that gateway to be my .1, and starting from .2 until .10 I'm going to assign IP addresses. For the primary DNS I just used Google's, nothing special. That's it; Cancel, sorry, it's already configured.

Now, Private Networks: a private network is the network inside your virtual environment, inside your NSX environment, that you want to be sure your VPN clients can access. For example, my web servers are in the 192.168.13.0 network, and I determined that my private network is only the 192.168.13.0 network, so it is the only network that I can access. As you can see here, let's go to Private Networks, and you can see this subnet is the one that I want to have sent over the tunnel, optimized, and right now it's enabled. I can also change that, and I can add another one; for example if I want to have more networks, say the .12 and the .14, it doesn't really matter; right now I have simply one enabled network here. Authentication is set to Local right now. You have different options here: Active Directory, LDAP, RADIUS, RSA-ACE, and I've set it to Local, which means it will check my user credentials locally. So let's look at the settings: you select Local, enable the password policy, and my password can be very long and there are no special requirements I want here, I'll just leave it plain and simple; my password expires in three days, and I get an expiration notification at 25 days. Those are just settings you can use; I have to cancel because it's already configured. With local authentication you of course need to have users, and I have only defined one user here, which is myself. As you can see, this is my user; it's just plain and simple, you type in a password, I can say the password will never expire, which overrules the password policy settings, and I'm also giving the option to allow the user to change the password once logged in. Let's leave that as it is.

Another thing that you will need to configure is the installation package. The installation package is basically the package that is going to be used to install the fat client. Right now, as you see, I have Windows selected (it is selected by default), and I've added an installation package for the Mac. Right now I'm running the newest version of macOS, and I've tested this and it doesn't work, so probably VMware needs to change something in order to support or load the client on the new Mac. It could also be that they've already done it, but right now, with this version, it really doesn't work. For Windows it's enabled; you can see here you can set up different parameters, and I just left it plain and simple. I did allow "remember password", so the client can check that box to remember the password, and "create desktop icon". There are lots of different options here that you can check to basically give the client more freedom. So that's already done. We have another fun one, which is Web Resources. A web resource is basically a website that, once you log in, will be shown on the portal that you see after logging in. Right now I've only configured one website here, which is web-01, and it's the website that I'm allowed to go to, the one that we set up in Private Networks: 192.168.13.1 goes to web-01. You can also change this around here or add more of these web resources. And finally we have the Dashboard, where you see all kinds of different sessions, statistics and data flow information.

In order to make it work right now we need to enable the service, so let's enable it: yes, and it says the service was enabled successfully. Let's test it. The address we need is the IPv4 address we selected in the server settings, so let's make this a little bit bigger and go to the website: https:// followed by that address, and you already see SSL VPN-Plus. So let's go to that website; it will give you a certificate warning, blah blah blah, not recommended, continue anyway, and as you can see here you get a portal login. Let's go to the portal login and type in my username and password, the user that I created, hit Login, and you can see here the web resource that I've set up: home and full access. There's one more thing that I want to show you, by the way. You have a client configuration here, and there are different tunnel modes: you can go into full tunnel or split tunnel. Split tunnel basically means that you can still access your local resources, and full tunnel essentially sends all the traffic through the tunnel that you set up here. When you exclude the local subnet, that means that you cannot access your local subnet any more once you're connected to the VPN, and you need to type in the default gateway here; the default gateway is basically the same IP address that you set as the gateway in the IP pool. Let's go back; you can see the web resources.

Now let's go back to the client. I already installed the fat client, so let's see if I can find the fat client on my machine; yes, it's this one here. I double-click on it and you will see the VPN connection that was created, and in the details it will use this IP address. There are some different settings that I can change here that I will not change at this moment, but let's just hit Login. It will ask me for a username and password, and it remembered the password; you remember that I selected that option. So OK, and then it says the SSL VPN connection was set up. Here, it's very small, at the bottom you can see this system tray icon; let me double-click it and you will see that the bytes sent and received are basically zero here. If I go to Advanced you can see that my virtual IP address is from the IP pool that I configured, and that my private subnet is this .13 subnet, access to the web server. I'm able to access the web server, though, so I think something is wrong with the counter; let's see if I can... oh, you can see I received something now. So let's make this a little bit smaller and refresh: there you can see that if I hit Refresh I can access this web server; I hit Refresh a few times, and you can see that I receive an amount of data.
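As an added example (not the video's or VMware's own code), here is a small Python model of the SSL VPN-Plus client settings walked through above: the IP pool, the private networks, the web resource and the tunnel mode. It checks the relationships the walkthrough relies on (gateway outside the client range, private networks not overlapping the pool, web resources behind a private network, full-tunnel default gateway equal to the pool gateway) and decides whether a destination goes over the tunnel in split versus full tunnel mode; the class and function names are my own, and the values are constructed from the figures in the walkthrough.

```python
# Added example (not the video's code): a model of the SSL VPN-Plus client settings above.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class IpPool:
    start: str    # first client address, e.g. 172.16.11.2
    end: str      # last client address, e.g. 172.16.11.10
    netmask: str  # e.g. 255.255.255.0
    gateway: str  # tunnel-side gateway handed to clients, e.g. 172.16.11.1


@dataclass
class ClientConfig:
    pool: IpPool
    private_networks: List[str]                             # CIDRs sent over the tunnel
    web_resources: List[str] = field(default_factory=list)  # portal target IPs
    full_tunnel: bool = False                               # False = split tunnel
    default_gateway: Optional[str] = None                   # needed in full-tunnel mode


def check_config(cfg: ClientConfig) -> List[str]:
    """Return the problems found; an empty list means the settings are consistent."""
    problems = []
    subnet = ip_network(f"{cfg.pool.gateway}/{cfg.pool.netmask}", strict=False)
    start, end = ip_address(cfg.pool.start), ip_address(cfg.pool.end)
    gw = ip_address(cfg.pool.gateway)
    if not (start in subnet and end in subnet and start <= end):
        problems.append("client IP range is not inside the pool subnet")
    if start <= gw <= end:
        problems.append("gateway address lies inside the client IP range")
    for cidr in cfg.private_networks:
        if ip_network(cidr).overlaps(subnet):
            problems.append(f"private network {cidr} overlaps the IP pool")
    for host in cfg.web_resources:
        if not any(ip_address(host) in ip_network(n) for n in cfg.private_networks):
            problems.append(f"web resource {host} is not behind a private network")
    # As noted in the video, the full-tunnel default gateway is the IP pool gateway.
    if cfg.full_tunnel and cfg.default_gateway != cfg.pool.gateway:
        problems.append("full-tunnel default gateway must equal the IP pool gateway")
    return problems


def over_tunnel(cfg: ClientConfig, dst: str) -> bool:
    """Would a client send traffic for dst through the VPN under this config?"""
    if cfg.full_tunnel:
        return True  # full tunnel: all traffic goes through the ESG
    return any(ip_address(dst) in ip_network(n) for n in cfg.private_networks)


# Constructed from the walkthrough: pool .2-.10 with a /24 mask, gateway .1, one private network.
LAB = ClientConfig(IpPool("172.16.11.2", "172.16.11.10", "255.255.255.0", "172.16.11.1"),
                   ["192.168.13.0/24"], web_resources=["192.168.13.1"])
```

Running `check_config(LAB)` returns an empty list, while a pool whose gateway sits inside the client range, or a private network that overlaps the pool, is reported before the service is enabled.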

