VMware Networking Community
iforbes
Hot Shot

NSX SSL VPN-Plus

I've configured the SSL VPN. I'm able to connect externally, install the SSL client, authenticate and connect. The problem is that, although I've defined the VXLAN networks in the SSL VPN-Plus Private Networks section, I'm not able to connect in any way to any VM in those networks. I've made sure all firewalls are disabled and still no go. I'm able to successfully ping/tracert to the SSL VPN default gateway, but nothing is reachable past the default gateway.

Not sure what I'm missing.

3 Replies
bayupw
Leadership

Do you have any logical diagram of the setup?
What are the settings you have configured in the private networks?

After you VPN into the Edge, check your routes on the client (e.g. `route print` on Windows) and see if you have the routes to the private networks.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
iforbes
Hot Shot

It's a pretty basic setup. I've attached a quick logical diagram. Yes, when I checked the client routing table, the private VXLAN networks are advertised. I'm able to ping the VPN default gateway (as defined in the SSL VPN-Plus IP Pool settings).

iforbes
Hot Shot

Ok. I have more information. The NSX documentation specifically states the following about the SSL VPN-Plus Private Network config:

Type the port numbers that you want to open for the remote user to access the corporate internal servers/machines like 3389 for RDP, 20/21 for FTP, and 80 for http. If you want to give unrestricted access to the user, you can leave the Ports field blank.


So, I left the Ports section blank as I wanted to allow unrestricted access. As soon as I entered a port (RDP, 3389) and tried to connect to a VM over RDP, it worked. I still cannot ping it or SSH to it (or anything else other than RDP). It seems that unless I specify the ports I want open, it won't work.


For a little more investigation I went to the Flow Monitoring section and selected Live Flow to capture what was happening to the VM I was trying to connect to. When I RDP'd from my laptop (connected via SSL VPN) and successfully connected, the flow showed a source IP that represented the Edge Gateway and a destination of the target VM IP. This is as expected, as the VPN tunnel is through the Edge Gateway. I then initiated a ping from my laptop (connected via SSL VPN). The Active Flow showed an ICMP packet, but the source IP is the SSL VPN client virtual IP of my laptop (not the Edge Gateway), the source port is 0, the destination IP is the VM, the destination port is 0 and the state is blank (see attached pic).


So, I'm not sure why the RDP traffic, whose port I defined as acceptable in the SSL VPN-Plus Private Networks section, goes through successfully and looks like it's sourced from the Edge Gateway, while a ping looks like it's coming from my laptop's SSL VPN IP with no source or destination port. Why am I seeing different results for different traffic?



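The two checks raised in this thread, whether the client actually received a specific route for each private network via the SSL VPN pool gateway (bayupw's `route print` suggestion) and which TCP ports are reachable on a VM behind the Edge once the Private Networks ports field is populated, can be scripted from the client side. The following is an added example written for this page, not code from VMware, NSX or any poster. The `route print` excerpt is constructed, the 10.10.0.0/24 and 10.10.1.0/24 networks stand in for the poster's VXLAN segments, and 192.168.100.1 is an assumed SSL VPN-Plus IP pool gateway; a port that connects from the client maps to a port listed in the Private Networks entry, while one that is refused or times out is either not listed there or not listening on the VM. The script does not generate ICMP, so the ping case the poster describes has to be checked separately with the operating system's ping.

```python
import ipaddress
import socket

# Constructed Windows `route print` IPv4 excerpt (not captured from the poster's laptop).
# The 10.10.x.0/24 rows stand in for VXLAN private networks pushed by SSL VPN-Plus,
# 192.168.100.1 is the assumed IP pool gateway, 192.168.100.10 the assumed client VIP.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.1    192.168.1.50     25
        10.10.0.0    255.255.255.0    192.168.100.1  192.168.100.10    20
        10.10.1.0    255.255.255.0    192.168.100.1  192.168.100.10    20
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
===========================================================================
"""


def parse_route_print(text):
    """Return [(IPv4Network, gateway_str)] from the Active Routes rows of `route print`."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # header, separators and the column title line are skipped
            continue
        try:
            net = ipaddress.IPv4Network((parts[0], parts[1]), strict=False)
        except ValueError:
            continue
        routes.append((net, parts[2]))
    return routes


def route_for(routes, ip):
    """Longest-prefix match, the same decision the host makes when forwarding."""
    addr = ipaddress.IPv4Address(ip)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def vpn_covers(routes, private_nets, vpn_gateway):
    """Map each private network CIDR to True only when a specific (non-default) route
    for it points at the VPN gateway; a hit on 0.0.0.0/0 means the traffic will leave
    the client's normal default gateway and never enter the tunnel."""
    result = {}
    for cidr in private_nets:
        net = ipaddress.IPv4Network(cidr)
        probe = net.network_address + 1 if net.num_addresses > 2 else net.network_address
        match = route_for(routes, str(probe))
        result[cidr] = bool(match and match[0].prefixlen > 0 and match[1] == vpn_gateway)
    return result


def tcp_reachable(host, port, timeout=2.0):
    """Plain TCP connect test: True when the handshake completes, False on refusal or timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_ports(host, ports, timeout=2.0):
    """Probe each port in order; e.g. probe_ports("10.10.0.5", [3389, 22, 80]) from the VPN client."""
    return {p: tcp_reachable(host, p, timeout) for p in ports}


def local_probe_demo():
    """Offline demonstration: open a loopback listener, release a second port, probe both.
    Returns {open_port: True, closed_port: False}."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here now, so the connect is refused
    try:
        return probe_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()


if __name__ == "__main__":
    routes = parse_route_print(SAMPLE_ROUTE_PRINT)
    print(vpn_covers(routes, ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24"], "192.168.100.1"))
    print(local_probe_demo())
```

On a real client, feed the output of `route print` (or `netstat -rn` on macOS/Linux) into `parse_route_print` and run `probe_ports` against a VM address in each private network with the ports you expect the Private Networks entry to open; a network that reports False from `vpn_covers` is a routing problem on the client, while a listed port that reports False from a covered network points at the Edge configuration or the VM itself.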