VMware Networking Community
thakala
Hot Shot

SSL VPN-Plus client routing oddities

I have been studying the SSL VPN-Plus feature on the NSX Edge gateway and I noticed something really weird about how VPN client traffic is being routed. All client TCP connections are NAT'd to the Edge interface address closest to the destination; any other protocol is routed using the client IP address assigned from the IP pool.

Example

Edge Gateway with two interfaces

- outside = x.x.x.x
- inside = y.y.y.y

VPN Client

- IP address = z.z.z.z


ICMP ping from VPN client with IP address z.z.z.z arrives at destination with IP address z.z.z.z

UDP DNS queries from VPN client with IP address z.z.z.z arrive at destination with IP address z.z.z.z

TCP HTTPS request from VPN client with IP address z.z.z.z arrives at destination with IP address of Edge gateway interface address y.y.y.y

I have no user-defined NAT configuration in place; the only NAT rule is the system-defined default DNAT rule for the outside (uplink) interface.

This is a serious problem with SSL VPN-Plus. I'd file a support request if I could, but since I am studying using partner NFR licenses without support, I cannot.

Edit: tested UDP also.

Tomi http://v-reality.info
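The behaviour described in the post (TCP sessions arriving from the Edge's inside interface address while ICMP and UDP keep the VPN pool address) is easy to confirm from a packet capture on a server inside the private network. The script below is an added example, not part of the original thread or of any VMware tooling: it parses a few constructed tcpdump-style lines, groups source addresses by protocol, and reports whether only TCP has been rewritten to the Edge address. The addresses 10.99.0.5 (VPN pool client), 192.168.10.1 (Edge inside interface) and 192.168.10.20 (server) are placeholders chosen for the example.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style capture, as it would look on a server in the
# private network behind the Edge. Placeholder addresses:
#   10.99.0.5      VPN client address from the SSL VPN-Plus IP pool
#   192.168.10.1   Edge inside interface
#   192.168.10.20  server that receives the traffic
SAMPLE_CAPTURE = """\
12:00:01.000 IP 10.99.0.5 > 192.168.10.20: ICMP echo request, id 1, seq 1, length 64
12:00:01.100 IP 10.99.0.5.51234 > 192.168.10.20.53: 1234+ A? example.internal. (34)
12:00:01.200 IP 192.168.10.1.40001 > 192.168.10.20.443: Flags [S], seq 0, win 64240, length 0
12:00:01.300 IP 192.168.10.1.40002 > 192.168.10.20.22: Flags [S], seq 0, win 64240, length 0
"""

# "<timestamp> IP <src>[.<sport>] > <dst>[.<dport>]: <summary>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)


def classify_protocol(summary):
    """Heuristic protocol classification from the tcpdump summary text:
    ICMP lines start with 'ICMP', TCP lines carry a 'Flags [...]' field,
    anything else (DNS, plain UDP) is treated as UDP."""
    if summary.startswith("ICMP"):
        return "icmp"
    if "Flags [" in summary:
        return "tcp"
    return "udp"


def parse_flows(capture):
    """Return one dict per parsed line with src, dst, dport and protocol."""
    flows = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not IP summaries
        flows.append({
            "src": m["src"],
            "dst": m["dst"],
            "dport": m["dport"],
            "proto": classify_protocol(m["rest"]),
        })
    return flows


def sources_by_protocol(flows):
    """Map protocol -> sorted list of distinct source addresses seen."""
    seen = defaultdict(set)
    for f in flows:
        seen[f["proto"]].add(f["src"])
    return {proto: sorted(srcs) for proto, srcs in seen.items()}


def tcp_source_rewritten(flows, client_ip, edge_inside_ip):
    """True when non-TCP traffic arrives from the client's pool address but
    TCP traffic arrives only from the Edge inside address: the symptom of
    'Enable TCP optimization' proxying the TCP sessions on the Edge."""
    by_proto = sources_by_protocol(flows)
    non_tcp = set(by_proto.get("icmp", [])) | set(by_proto.get("udp", []))
    tcp = set(by_proto.get("tcp", []))
    return client_ip in non_tcp and edge_inside_ip in tcp and client_ip not in tcp


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_CAPTURE)
    print(sources_by_protocol(flows))
    print("TCP rewritten to Edge address:",
          tcp_source_rewritten(flows, "10.99.0.5", "192.168.10.1"))
```

Run it against a real capture by replacing SAMPLE_CAPTURE with the output of tcpdump (with -n) taken on the server; a True result means the server-side logs and firewall rules will see the Edge address instead of the individual VPN client for TCP, which matters for per-user auditing and source-based access control.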
1 Solution

Accepted Solutions
ddesmidt
VMware Employee

There is a flag in Edge configuration -> SSL VPN -> Private Networks -> specific entry -> "Enable TCP optimization".

Disable that and you will see client ip even for TCP connections.

Dimitri


2 Replies

thakala
Hot Shot

Dimitri, that did indeed fix this. Thank you!

Tomi http://v-reality.info