I've configured the SSL VPN. I'm able to connect externally, install the ssl client, authenticate and connect. Problem is that although I've defined the vxlan networks in the SSL VPN-Plus Private Networks section, I'm not able to connect in any way to any vm in those networks. I've made sure all firewalls are disabled and still no go. I'm able to successfully ping/tracert to the ssl-vpn default gateway, but nothing is reachable past the default gateway.
Not sure what I'm missing.
Do you have any logical diagram of the setup?
What are the settings you have configured in the private networks?
After VPN into the Edge, check your routes in the client (e.g. route print in Windows) and see if you have the route to the private networks.
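One way to automate the route check suggested above, as an added example that is not part of the original thread: a Python helper that parses the IPv4 table from `route print` and reports, for each SSL VPN-Plus private network, whether the longest-prefix route would send traffic out the VPN virtual adapter. The sample table, addresses, interface IPs and metrics are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of the IPv4 section of `route print` on a Windows client
# after the SSL VPN-Plus client connected; every address here is invented.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
      172.16.50.0    255.255.255.0         On-link     172.16.50.10    291
       10.10.10.0    255.255.255.0      172.16.50.1    172.16.50.10     35
===========================================================================
"""

# dest, netmask, gateway (an IP or "On-link"), interface IP, metric
ROUTE_LINE = re.compile(r"^\s*([\d.]+)\s+([\d.]+)\s+(\S+)\s+([\d.]+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) for each route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def best_route(routes, target):
    """Longest-prefix match, lowest metric on ties (what the client stack does)."""
    ip = ipaddress.ip_address(target)
    candidates = [r for r in routes if ip in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def check_private_networks(text, vpn_client_ip, private_networks):
    """True per private network if its best route leaves via the VPN adapter."""
    routes = parse_routes(text)
    report = {}
    for cidr in private_networks:
        # Probe the first host address of the network as a representative target.
        first_host = str(ipaddress.ip_network(cidr).network_address + 1)
        route = best_route(routes, first_host)
        report[cidr] = route is not None and route[2] == vpn_client_ip
    return report
```

A private network that reports False is one the client will send to its default gateway (or elsewhere), so the Edge never sees that traffic regardless of the Private Networks configuration.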
Ok. I have more information. The NSX documentation specifically states the following about the SSL VPN-Plus Private Network config:
Type the port numbers that you want to open for the remote user to access the corporate internal servers/machines like 3389 for RDP, 20/21 for FTP, and 80 for http. If you want to give unrestricted access to the user, you can leave the Ports field blank.
So, I left the ports section blank as I wanted to allow unrestricted access. As soon as I entered a port (RDP, 3389) and tried to connect to a vm over RDP, it worked. I still cannot ping it or ssh to it (or anything else other than RDP). It seems that unless I specify the ports I want open, it won't work.
For a little more investigation I went to the Flow Monitoring section and selected Live Flow to capture what was happening to the vm I was trying to connect to. When I RDP'd from my laptop (connected via ssl-vpn) and successfully connected, the flow stated a source IP that represented the Edge Gateway and Destination of the target vm IP. This is as expected as the vpn tunnel is through the Edge Gateway. I then initiated a ping from my laptop (connected via ssl-vpn). The Active Flow showed an ICMP packet but the source IP is the ssl-vpn client virtual IP of my laptop (not the Edge Gateway), source port is 0, destination IP is the vm, destination port is 0 and the state is blank (see attached pic).
So, not sure why the RDP which I defined as an acceptable port in the SSL-VPN Private Networks section goes through successfully and looks like it's sourced from the Edge Gateway, while a ping looks like it's coming from my laptop ssl-vpn IP with no source or destination port. Why am I seeing different results for different traffic?