VMware Networking Community
jenya77
Contributor

SSL VPN Plus unable to connect to gateway

If this is not the proper board for this question, I apologize in advance.

I am trying to set up SSL VPN Plus to connect from an Ubuntu 18.04 client to an Ubuntu 18.04 VM. I have set up the VM side, generated the installation package, downloaded it through https://MYIP and installed it on the client without errors. I have also checked that naclient and naclient_poll are running on the client, and that ssl-vpnplus is listening on the NSX Edge. However, the client gives "Error: Unable to connect to gateway". I have the latest versions of TCL, TK, and NSS on the client (although it is possible that different versions are needed?). I have attached the auth.log and syslog entries from the client (log.zip).

When I log on to the NSX Edge, there is nothing in show log about any attempts to connect or any errors.

On my VM, none of the rsyslogs contain any information about the attempts, although any invalid suffixes to https://MYIP do show up in the nginx.log as reported by ssl-vpnplus.

Any pointers would be welcome, since I am really stuck on this. Tech support from the provider has checked the IP configuration on Edge (NAT and firewall) and say that everything there is ok. Thank you for your attention.

nachogonzalez
Commander

Do you have SELinux or iptables enabled on the Ubuntu VM?

Try pinging the edge and check if you have ICMP connectivity.
If that is okay, try doing a telnet to port 443 on the edge to check if the port is open.

jenya77
Contributor

At the very least I would be grateful for a detailed list of the error codes from SSL VPN Plus and what exactly causes them. I have seen 35 and 36 so far as I tweak various entries in the NAT and FW.

jenya77
Contributor

Thank you, @nachogonzalez . I have iptables enabled and it currently has an empty rules table. SELinux is not enabled.

I can ping the edge and SSH into it from the VM, but not from the outside.

Also I am suspecting that tech support, even though they claim to have checked the IPs on the FW and NAT, did not. So my problem may be there, but I am stuck as to how to track it down.

nachogonzalez
Commander

Hi Jenya, can you please try to accept the SSL VPN certificate before trying to establish a connection?

Install SSL VPN-Plus Client on a Remote Linux Site (vmware.com)

Just browse to the NSX edge with firefox and add the certificate to a trusted store.


jenya77
Contributor

Thank you, @nachogonzalez . Unfortunately the Edge is not available from the browser, only from inside Cloud Director. The only thing that I have been able to reach from outside is the URL for downloading the SSL VPN Plus installation package.

The configuration problem is the following:

My external IP address is 89.something. Edge is on 10.something. Of course 10.something is only available from inside, so from the VM itself I can SSH in and use the ESX commands (e.g., show log reverse). Tech support told me that I can open my VM to SSH from outside if I set up SSL VPN Plus. So I was able to get it to show up from https://89.something:port and download the installation package. And it was there in Firefox that I accepted the certificate.

The thing that really bewilders me is that the automatically-generated rules for sslvpn do not reference 89.something at all. For example, FW has

sslvpn source:any dest:10.something service:tcp:port:any accept

and NAT has

sslvpn DNAT original:10.something:port translated:10.something:port

Maybe this is correct behavior, that sslvpn uses the Edge mapped to 89.something and all of my other rules need to be 89.something mapped to 192.something for my VM. But to be honest, I have lost all faith in the tech support people, who claim to have checked this... so for this reason I am grateful to be getting intelligent questions and suggestions from you. 🙂

nachogonzalez
Commander

Hey @jenya77 hope you are doing fine.

I'm not sure I'm understanding properly, so I did a doodle of what you are trying to accomplish:

[Attached diagram: nachogonzalez_0-1629788038236.png]

You are trying to log in from the Linux Client machine (left) to the ubuntu VM with an IP on the 10.X.X.X range on the right over the NSX Edge SSL VPN client.
Is this right?

In case it is:

- If you open the NSX Edge public IP (89.X.X.X) in a browser on the Ubuntu client VM (left), are you able to see the SSL VPN client webpage? Are you able to download the client?
- If you try to ping the NSX Edge IP, are you able to reach it?
- If you try a telnet / curl to port 443, does it establish a connection?
- Do you have the firewall enabled on the NSX Edge?
- Do you have management of the NSX Edge? If so, can you please share the SSL VPN configuration details, NAT and interface details (of course, blurring the sensitive data)?


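The checks suggested in the replies above (ping, then a TCP connect to the SSL VPN port, then the certificate/portal) are easier to reason about when run in order and turned into a single verdict. The script below is an added example and is not from the thread or from VMware; EDGE_HOST and EDGE_PORT are placeholders the reader supplies (the thread's 89.x.x.x address and custom port are never hard-coded), and it assumes a Linux client with ping, bash, openssl and curl available. The diagnosis deliberately does not treat an ICMP failure alone as fatal, because edge firewalls commonly drop ICMP while still passing TCP.

```shell
#!/bin/sh
# Added example (not from the thread): layered reachability check for an
# NSX Edge SSL VPN-Plus gateway, in the order the replies suggest:
# ICMP -> TCP connect -> TLS handshake -> portal HTTP answer.
# EDGE_HOST / EDGE_PORT are placeholders supplied by the reader.

# ICMP echo. Many edge firewalls drop ICMP but pass TCP, so a failure
# here is only a hint, never the verdict on its own.
check_icmp() {
  ping -c 2 -W 2 "$1" >/dev/null 2>&1
}

# TCP connect via bash's /dev/tcp, so neither telnet nor nc is required.
check_tcp() {
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/$2 && exec 3>&-" 2>/dev/null
}

# TLS handshake. Prints the verify line so an untrusted (self-signed)
# gateway certificate is visible even when the handshake itself works.
check_tls() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | grep -m1 'Verify return code'
}

# Portal fetch; -k because the gateway certificate is usually self-signed.
# Any HTTP status proves the SSL VPN-Plus service answered on that port.
check_portal() {
  code=$(curl -k -s -o /dev/null -m 10 -w '%{http_code}' "https://$1:$2/") || return 1
  [ "$code" != "000" ] && echo "HTTP $code"
}

# Map pass/fail (0/1) for icmp, tcp, tls, portal to the next place to look.
# The first token before ':' is a stable code, the rest is the hint.
diagnose() {
  if [ "$2" -ne 0 ]; then
    if [ "$1" -ne 0 ]; then
      echo "L4-BLOCKED: no ICMP or TCP reachability; check routing to the Edge uplink, the DNAT for the SSL VPN port and the Edge firewall"
    else
      echo "PORT-CLOSED: host answers ICMP but the SSL VPN port does not; check the Edge firewall rule and the DNAT for that port"
    fi
  elif [ "$3" -ne 0 ]; then
    echo "TLS-FAILED: TCP open but no TLS handshake; check the SSL VPN server certificate and the client trust store"
  elif [ "$4" -ne 0 ]; then
    echo "NO-PORTAL: TLS ok but no HTTP answer; check that SSL VPN-Plus is enabled and bound to the uplink interface"
  else
    echo "GATEWAY-OK: reachable at every layer; look at the client side (naclient logs, gateway address and port in the profile)"
  fi
}

# Run all four checks against host/port and print a one-line verdict.
run_checks() {
  host=$1; port=${2:-443}
  icmp=1; tcp=1; tls=1; portal=1
  if check_icmp "$host"; then icmp=0; echo "icmp   ok"; else echo "icmp   FAIL (may simply be filtered)"; fi
  if check_tcp "$host" "$port"; then tcp=0; echo "tcp    ok ($host:$port)"; else echo "tcp    FAIL ($host:$port)"; fi
  if line=$(check_tls "$host" "$port"); then tls=0; echo "tls    ok ($line)"; else echo "tls    FAIL"; fi
  if line=$(check_portal "$host" "$port"); then portal=0; echo "portal ok ($line)"; else echo "portal FAIL"; fi
  diagnose "$icmp" "$tcp" "$tls" "$portal"
}

# Usage: EDGE_HOST=<edge public IP> EDGE_PORT=<ssl vpn port> sh ssl-vpn-check.sh
if [ -n "${EDGE_HOST:-}" ]; then
  run_checks "$EDGE_HOST" "${EDGE_PORT:-443}"
fi
```

Run it from the client that fails with "Unable to connect to gateway", using the same address and port written into the SSL VPN-Plus client profile. A "Verify return code" other than 0 in the tls line points at the trust-store step mentioned above; a PORT-CLOSED verdict points at the Edge firewall and DNAT rules rather than at the client.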