Advanced Networking Services Guide

Add a Private Network
Add the network that you want the remote user to be able to access.
Each private network that requires access through a VPN tunnel must be added as a separate entry. If
necessary, use Route Summarization to limit the number of entries in the Private Network table.
Procedure
1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.
2 Click the SSL VPN-Plus tab and Private Networks.
3 Click the Add icon.
The Add Private Network dialog box appears.
4 Configure the following options for the private network:
Options    Description
Network
    Type the private network IP address.
Description
    (Optional) Type a description for the network.
Send Traffic
    Specify whether you want to send private network and Internet traffic
    over the SSL VPN-Plus enabled edge gateway or directly to the private
    server by bypassing the edge gateway.
Enable TCP Optimization
    (Optional) When you select Send Traffic Over Tunnel, VMware
    recommends selecting Enable TCP Optimization to optimize the Internet
    speed.
    Selecting this option enhances the performance of TCP packets within the
    VPN tunnel but does not improve performance of UDP traffic.
    A conventional full-access SSL VPN tunnel sends TCP/IP data through a
    second TCP/IP stack for encryption over the Internet. This encapsulates
    application layer data in two separate TCP streams. When packet loss
    occurs (which happens even under optimal Internet conditions), a
    performance degradation effect called TCP-over-TCP meltdown occurs:
    two TCP instruments correct a single packet of IP data, undermining
    network throughput and causing connection timeouts. TCP Optimization
    eliminates this TCP-over-TCP problem.
Ports
    Type the port numbers that you want to open for the remote user to access
    the corporate internal servers; for example, 3389 for RDP, 20/21 for FTP,
    and 80 for HTTP.
    To give unrestricted access to users, leave the Ports field blank.
Status
    Specify whether you want to enable or disable the private network.
5 Click OK.
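The following Python sketch is an added example, not part of the VMware guide. It plans Private Network entries before they are typed into the dialog box: it applies route summarization only to networks that share the same Ports and Send Traffic settings, and lists entries whose Ports field is blank. The tuple layout, the comma-separated port format, and the sample networks are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of planned entries (not from the guide):
# (network, ports, send_over_tunnel). An empty ports string means the Ports
# field is left blank, which the guide says gives unrestricted access.
PLANNED = [
    ("10.20.0.0/24", "3389", True),
    ("10.20.1.0/24", "3389", True),
    ("10.20.2.0/24", "3389", True),
    ("10.20.3.0/24", "3389", True),
    ("10.20.4.0/24", "80", True),
    ("10.20.5.0/24", "", True),
    ("192.168.10.0/25", "20,21", False),
    ("192.168.10.128/25", "21, 20", False),
]

def normalize_ports(ports):
    """Return a sorted tuple of port numbers; an empty tuple means blank."""
    nums = {int(p) for p in ports.split(",") if p.strip()}
    if any(not 1 <= n <= 65535 for n in nums):
        raise ValueError(f"invalid port in {ports!r}")
    return tuple(sorted(nums))

def summarize(entries):
    """Collapse networks that share identical Ports and Send Traffic settings.

    Networks with different settings are never merged, and
    collapse_addresses() only merges exact covers, so the summarized table
    reaches the same addresses and ports as the original entries.
    """
    groups = defaultdict(list)
    for net, ports, tunnel in entries:
        groups[(normalize_ports(ports), tunnel)].append(ipaddress.ip_network(net))
    table = []
    for (ports, tunnel), nets in groups.items():
        for merged in ipaddress.collapse_addresses(nets):
            table.append((str(merged), ports, tunnel))
    return sorted(table)

def unrestricted(table):
    """Networks whose Ports field is blank and so need explicit review."""
    return [net for net, ports, _ in table if not ports]

if __name__ == "__main__":
    for row in summarize(PLANNED):
        print(row)
    print("blank Ports (unrestricted):", unrestricted(summarize(PLANNED)))
```

Each summarized row still needs the corresponding edge gateway firewall rule described in the IMPORTANT note.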
What to do next
Add authentication servers for your SSL VPN-Plus configuration. See “Add an Authentication Server,” on
page 54.
If necessary, add Web resources that remote users can access in addition to private networks. See “Add a
Web Resource for SSL VPN-Plus Access,” on page 58.
IMPORTANT Add a corresponding firewall rule to allow network traffic to the private network. See “Add an
Edge Gateway Firewall Rule,” on page 31 for information.
Chapter 6 Secure Access Using Virtual Private Networks
VMware, Inc.