Add the network that you want the remote user to be able to access.

Each private network that requires access through a VPN tunnel must be added as a separate entry. If necessary, use Route Summarization to limit the number of entries in the Private Network table.


Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See Log In and Navigate to Advanced Networking Services for information.


Click the SSL VPN-Plus tab and Private Networks.


Click the Add (add icon) icon.

The Add Private Network dialog box appears.


Configure the following options for the private network:




Type the private network IP address.


(Optional) Type a description for the network.

Send Traffic

Specify whether you want to send private network and Internet traffic over the SSL VPN-Plus enabled edge gateway or directly to the private server by bypassing the edge gateway.

Enable TCP Optimization

(Optional) When you select Send Traffic Over Tunnel, VMware recommends selecting Enable TCP Optimization to optimize the Internet speed.

Selecting this option enhances the performance of TCP packets within the VPN tunnel but does not improve performance of UDP traffic.

Conventional full-access SSL VPNs tunnel sends TCP/IP data in a second TCP/IP stack for encryption over the Internet. Selecting this options encapsulates application layer data in two separate TCP streams. When packet loss occurs (which happens even under optimal Internet conditions), a performance degradation effect called TCP-over-TCP meltdown occurs. Two TCP instruments correct a single packet of IP data, undermining network throughput and causing connection timeouts. TCP Optimization eliminates this TCP-over-TCP problem.


Type the port numbers that you want to open for the remote user to access the corporate internal servers; for example, 3389 for RDP, 20/21 for FTP, and 80 for HTTP.

To give unrestricted access to users, leave the Ports field blank.


Specify whether you want to enable or disable the private network.


Click OK.

Add authentication servers for your SSL VPN-Plus configuration. See Add an Authentication Server.

If necessary, add Web resources that remote users can access in addition to private networks. See Add a Web Resource for SSL VPN-Plus Access.


Add a corresponding firewall rule to allow network traffic to the private network. See Add an Edge Gateway Firewall Rule for information.