Configure basic NetScaler Gateway VPN in the NetScaler VPX

Introduction

If you want to access a resource via VPN using netscaler, you need standard license. The basic steps to do this is as mentioned below.

Steps to setup

Enable sslvpn feature

enable ns feature SSL SSLVPN IPv6PT //Features required for Gateway

Add a SNIP if none exists

SNIP will be used to connect to resources. Resources like google.com will see SNIP as source IP

add ip 10.102.53.237 255.255.255.0 //SNIP

Generate a server certificate or bind to existing one

You can use openssl tool(Ref:https://sites.google.com/site/jbsakabffoi12449ujkn/home/secure-the-digital-world/how-to-create-self-signed-certificate-using-openssl-tool) to generate certificate key pair (for example, example-com.cert.pem and example-com.key.pem). Copy both files to /nsconfig/ssl folder. Note that key file must be plain (without any passphrase)

Then fire below command

> add ssl certKey key2 -cert example-com.cert.pem -key example-com.key.pem

Done

> bind ssl vserver vs1 -certkeyName key2

Done

Create a VIP

This VIP will be used by client to access vpn gateway

add vpn vserver vs1 SSL 10.102.53.245 443 -Listenpolicy NONE //VPN VIP

You need user database for login

To create local user, use below command

add aaa user ns password ns //Credential to login

Configure DNS, if needed

add dns nameServer 10.140.50.5

Set VPN parameters

set vpn parameter -defaultAuthorizationAction ALLOW -uitHEME DeFAULT -transparentInterception ON -uitHEME DeFAULT

Verify setup

To test this setup, To test the setup, using browser perform https operation to VIP (https://10.102.53.245 in this case)

You can see below sample output

Provide user credential (ns/ns in this case)

You can see the corresponding session in VPX

> show aaa session

ClientIp (ClientPort) -> ServerIp(ServerPort)

----------------------- -----------------------

PE id : 0

User name: ns Session Type: VPN

10.144.10.15 (34128) -> 10.102.53.245 (443 ) PE 0

10.144.10.15 (34125) -> 10.102.53.245 (443 ) PE 1

Done

Reference

Personal discussion

Page updated

Google Sites

Report abuse