Add the network that you want the remote user to be able to access.
- In the SSL VPN-Plus tab, select Private Networks from the left panel.
- Click the Add icon.
- Type the private network IP address.
- Type the netmask of the private network.
- (Optional) Type a description for the network.
- Specify whether you want to send private network and internet traffic over the SSL VPN-Plus enabled NSX Edge or directly to the private server by bypassing the NSX Edge.
- If you selected Send traffic over the tunnel, select Enable TCP Optimization to optimize the internet speed.
Conventional full-access SSL VPNs tunnel TCP/IP data inside a second TCP/IP stack for encryption over the internet. As a result, application-layer data is encapsulated twice, in two separate TCP streams. When packet loss occurs (which happens even under optimal internet conditions), a performance degradation effect called TCP-over-TCP meltdown sets in. In essence, two TCP instruments are correcting a single packet of IP data, undermining network throughput and causing connection timeouts. TCP Optimization eliminates this TCP-over-TCP problem, ensuring optimal performance.
- When optimization is enabled, specify the port numbers for which traffic should be optimized.
Traffic for the remaining ports of that network is not optimized.
Note: If no port numbers are specified, traffic for all ports is optimized.
When TCP traffic is optimized, the SSL VPN server opens the TCP connection on behalf of the client. Because the connection is opened by the SSL VPN server, the first automatically generated rule applies, which allows all connections opened from the Edge to pass. Traffic that is not optimized is evaluated by the regular Edge firewall rules. The default rule is allow any any.
- Specify whether you want to enable or disable the private network.
- Click OK.
What to do next
Add a corresponding firewall rule to allow the private network traffic.
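The following added example (not VMware code, and it does not call any NSX API) models the rule-evaluation behavior described above so that a planned private network configuration can be reviewed before it is entered: for each destination it reports whether the flow would match the first automatically generated rule, be evaluated by the regular Edge firewall rules, or bypass the Edge. The `PrivateNetwork` class, its field names, the port-range tuples, and the sample networks are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PrivateNetwork:
    # Hypothetical model of one Private Networks entry (field names are assumptions).
    network: str                    # private network IP address
    netmask: str                    # netmask of the private network
    over_tunnel: bool = True        # False = bypass the NSX Edge
    tcp_optimization: bool = False  # "Enable TCP Optimization"
    optimized_ports: list = field(default_factory=list)  # (low, high); empty = all ports
    enabled: bool = True

    def contains(self, ip):
        net = ipaddress.ip_network(f"{self.network}/{self.netmask}", strict=False)
        return ipaddress.ip_address(ip) in net

def evaluation_path(nets, dst_ip, dst_port, proto="tcp"):
    """Return which policy path a client flow to dst_ip:dst_port would take."""
    for n in nets:
        if not n.enabled or not n.contains(dst_ip):
            continue
        if not n.over_tunnel:
            return "bypasses-edge"
        if proto == "tcp" and n.tcp_optimization:
            # No ports listed means every TCP port on this network is optimized.
            if not n.optimized_ports or any(lo <= dst_port <= hi
                                            for lo, hi in n.optimized_ports):
                # Connection is opened by the SSL VPN server, so the first
                # automatically generated rule applies.
                return "auto-rule"
        return "edge-firewall-rules"
    return "not-a-private-network"

# Constructed sample configuration.
NETS = [
    PrivateNetwork("192.168.10.0", "255.255.255.0", tcp_optimization=True,
                   optimized_ports=[(443, 443), (8080, 8090)]),
    PrivateNetwork("10.20.0.0", "255.255.0.0", tcp_optimization=True),
    PrivateNetwork("172.16.5.0", "255.255.255.0", over_tunnel=False),
]

if __name__ == "__main__":
    for ip, port, proto in [("192.168.10.5", 443, "tcp"), ("192.168.10.5", 22, "tcp"),
                            ("10.20.3.4", 3389, "tcp"), ("10.20.3.4", 53, "udp"),
                            ("172.16.5.9", 80, "tcp")]:
        print(f"{ip}:{port}/{proto} -> {evaluation_path(NETS, ip, port, proto)}")
```

Flows reported as `auto-rule` are the ones to review most closely, because the regular Edge firewall rules you add for the private network do not decide them.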