You must add SSL VPN server settings to enable SSL on an edge gateway interface.

To connect to the edge gateway in vCloud Air, remote users specify the IP address and port number you set in this procedure.

If your edge gateway is configured with multiple, overlay IP address networks on its external interface, the IP address you select might be different from the default external interface of the edge gateway.

While configuring server settings, you must choose which encryption algorithms to use for the SSL VPN tunnel. You can choose one or multiple ciphers to support; VMware recommends you be aware of the strength and weakness of the ciphers you select.

Specify an identity certificate for the SSL VPN tunnel. You can choose to use the default, self-signed certificate that the Advanced Networking Services generates for each edge gateway or you can specify an externally-generated digital certificate.

If you choose to use a certificate other than the default certificate, import the required certificate into vCloud Air. See Add a Certificate for information.


Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.

See Log In and Navigate to Advanced Networking Services for information.


Click the SSL VPN-Plus tab and Server Settings.


Click Change next to Server Settings.

The Change Service Settings dialog box appears.


Select an IPv4 or an IPv6 address.


(Optional) Change the port number.

By default, Advanced Networking Services use port 443, which is the default port for HTTPS/SSL traffic. A port number is required to configure the installation package; however, you can set any TCP port for communications.


Select the encryption method.


(Optional) From the Server Certificate table, select the server certificate that you want to add.


Select Use Default Certificate.


Click OK.


The edge gateway IP address and the TCP port number you set must be reachable by your remote users. Add an edge gateway firewall rule that allows access to the SSL VPN-Plus IP address and port configured in this procedure. See Add an Edge Gateway Firewall Rule for information.

Add an IP pool so that remote users are assigned IP addresses when they connect using SSL VPN-Plus. See Add an IP Pool for information.