SSL VPN-Plus network access mode

Before we begin configuring network access mode, make sure that the SSL VPN gateway is accessible externally over port 443. We will configure network access mode in the following steps:

  1. Go to Home | Networking & Security | NSX Edges, double-click the Edge gateway services device, and then navigate to the Manage | SSL VPN-Plus tab.
  2. Click on Server Settings and click the Change button to select the IP on which the server will respond:
     1. Select the IPv4 Address or IPv6 Address, the desired Port number, and the encryption method. If you have a certificate installed, select that if needed.
     2. Click OK when done.
  3. We will now continue to add an IP pool to provide an IP address to the remote user when a VPN connection is established. On the IP Pools tab, click the + icon:
     1. Type the IP Range, Netmask, and the Gateway that is typically the external interface of the NSX Edge gateway.
     2. Type in a Description for the pool and then set the status to Enabled to enable the pool. You may also add custom DNS settings and provide a WINS server if needed.
     3. Click OK when done.
  4. We will now add the private network the remote VPN user will be able to access. Click on the Private Network tab on the left and click on the + icon:
     1. Enter a Network in the CIDR format and a Description. Specify if the traffic should traverse the tunnel or bypass the tunnel and be sent directly to the private server.
     2. A tunnel here indicates the SSL VPN-Plus-enabled Edge gateway. If you choose to Send Traffic over the tunnel, leave the Enable TCP Optimization checked to optimize the internet speed, followed by specifying the port numbers for which the traffic will be optimized. Traffic for ports not listed will not be optimized.
     3. For multiple ports, you have to create multiple private networks pointing to the same subnet with a different port each time.
     4. Select Enabled for Status.
     5. Click OK when done.
  5. We will now configure an authentication mechanism for users who will be able to access the VPN. The Edge services gateway SSL VPN-Plus supports external authentication mechanisms such as Active Directory, LDAP, RADIUS, and RSA. Click on the Authentication tab and click the + icon:
     1. Select the appropriate Authentication Server Type and fill out the information. Wherever applicable, ensure that you Enable SSL to encrypt all traffic.
     2. The maximum Timeout for a VPN connection authentication is 3 minutes and is non-configurable.

We will now create an installation package for the end user. This installation package contains the VPN software client required to make the connection.

  6. Click on the Installation Package tab and click the + icon:
     1. Type a Profile Name for the installation package. Type the FQDN or the external IP address for the Edge gateway server. This is the IP the client will connect to. If you need to bind additional Edge uplink interfaces, click the + icon and add them.
     2. Select the operating system for which the package needs to be created. By default, the package is created for Windows.
     3. Select Enabled to advertise and display the installation package on the installation package page.
     4. Customize the installation package by choosing your preferred parameter for Windows.
     5. Click OK when done.
  7. Let's now add a remote user. Click on Users and click the + icon:
     1. Fill in the form appropriately and click OK when done.
  8. Now that the setup is done, let's enable the SSL VPN-Plus service. Click on Dashboard and click Enable and answer the prompt to enable the service. Once enabled, open a browser and access the Edge gateway services over HTTPS. Log in using the username you created in Step 7 to download the VPN client. Log in to the VPN client based on the user and authentication mechanism applicable.
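A pre-flight review of the values entered in the steps above, as an added example that is not from the original page or from VMware: it checks a planned IP pool, private network list, and authentication server entry before they are typed into the UI. The field names, sample addresses, the /16 breadth threshold, and the pool-overlap check are assumptions of this example; the one-port-per-entry and Enable SSL checks follow the steps above.

```python
import ipaddress

# Constructed sample plan: every address and field name here is hypothetical.
PLAN = {
    "pool": {"start": "192.168.50.10", "end": "192.168.50.60",
             "netmask": "255.255.255.0", "gateway": "192.168.50.1"},
    "private_networks": [
        {"cidr": "10.10.20.0/24", "over_tunnel": True, "tcp_opt_ports": "443"},
        {"cidr": "10.0.0.0/8", "over_tunnel": True, "tcp_opt_ports": "22,3389"},
        {"cidr": "192.168.50.0/26", "over_tunnel": True, "tcp_opt_ports": ""},
    ],
    "auth_servers": [{"type": "LDAP", "ssl": False}],
}

def review_plan(plan, min_prefix=16):
    """Return a list of findings for a planned SSL VPN-Plus configuration."""
    findings = []
    p = plan["pool"]
    start, end, gw = (ipaddress.ip_address(p[k]) for k in ("start", "end", "gateway"))
    # The pool subnet is derived from the gateway address and the netmask.
    subnet = ipaddress.ip_network(f"{p['gateway']}/{p['netmask']}", strict=False)
    if start > end:
        findings.append("pool: range start is above range end")
    if start not in subnet or end not in subnet:
        findings.append(f"pool: range is not inside {subnet} (gateway + netmask)")
    if start <= gw <= end:
        findings.append("pool: gateway address is inside the client range")
    for net in plan["private_networks"]:
        cidr = ipaddress.ip_network(net["cidr"], strict=False)
        if cidr.overlaps(subnet):  # assumption: overlap makes routing ambiguous
            findings.append(f"{cidr}: overlaps the client pool subnet {subnet}")
        if cidr.prefixlen < min_prefix:  # assumption: least-privilege threshold
            findings.append(f"{cidr}: broader than /{min_prefix}, exposes more than needed")
        # Page rule: one private network entry per optimized port.
        if net["over_tunnel"] and "," in net["tcp_opt_ports"]:
            findings.append(f"{cidr}: multiple ports listed; use one entry per port")
    for srv in plan["auth_servers"]:
        if not srv["ssl"]:  # page rule: Enable SSL wherever applicable
            findings.append(f"auth {srv['type']}: SSL not enabled to the auth server")
    return findings

if __name__ == "__main__":
    for finding in review_plan(PLAN):
        print(finding)
```
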