NSX-V: SSL VPN-Plus ClientExternalNatIP property doesn't display the correct NAT'd IP

search cancel

NSX-V: SSL VPN-Plus ClientExternalNatIP property doesn't display the correct NAT'd IP

book

Article ID: 326359

calendar_today

Updated On:

Products

VMware NSX for vSphere

Issue/Introduction

SNAT is configured between SSL VPN Client and SSL VPN Server
The PHAT Client session shows the internal IP in <clientExternalNatIp> instead of the actual NAT'd IP

<sessionType>PHAT</sessionType>
...
<clientInternalIp>192.168.110.10</clientInternalIp>
<clientVirtualIP>10.200.200.2</clientVirtualIP>
<clientExternalNatIp>192.168.110.10</clientExternalNatIp>

The issue does not cause any functional impact to SSL VPN-Plus.

Environment

VMware NSX Data Center for vSphere

Cause

The client request is first terminated by the front-end SSLVPN Server. This request is then forwarded to the back-end SSLVPN process. The limitation is that the NAT'd IP address is not forwarded by the front-end SSLVPN server. As a result, the <clientExternalNatIp> property is populated by a copy of <clientInternalIp> instead of the NAT'd IP.

Resolution

There's currently no resolution to this issue.

Feedback

thumb_up Yes

thumb_down No