Note: The VPN Management link/screen will only be available if the LoadMaster is licensed for IPsec tunneling.
Note: This document covers the policy-based VPN functionality that is available in the latest LoadMaster Long Term Support (LTS) release. As of LoadMaster firmware version 7.2.53, the VPN Management menu option changed to Policy Based VPN and support was added for route-based VPNs.

For further information on IPsec tunneling, including step-by-step instructions on how to set it up, refer to the IPsec Tunneling Feature Description.

Connection Name

Specify a unique name to identify the connection.

Create

Create a uniquely identifiable connection with the specified name.

View/Modify

View or modify the configuration parameters for this connection.

Delete

Delete this connection.

Note: All associated configuration will be permanently deleted. A connection can be deleted at any time, even if it is running.

View/Modify VPN Connection

When initially creating a connection, or when modifying a connection, the View/Modify VPN Connection screen appears.

Local IP Address

Set the IP address for the local side of the connection.

In non-HA mode, the Local IP Address should be the LoadMaster IP address, that is, the IP address of the default gateway interface.

In HA mode, the Local IP Address should be the shared IP address. This will be automatically populated if HA has already been configured. For more information on setting up tunneling in an HA configuration, refer to the next section.

Local Subnet Address

When the Local IP Address is set, the Local Subnet Address text box is automatically populated. If applicable, the local IP address can be the only participant, by using a /32 CIDR. Review the Local Subnet Address and update it if needed. Be sure to click Set Local Subnet Address to apply the setting, whether or not the address has been changed. Multiple local subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified.

Remote IP Address

Set the IP address for the remote side of the connection. In the context of an Azure endpoint, this IP address is expected to be the public-facing IP address for the Virtual Private Network (VPN) Gateway device.

Remote Subnet Address

Set the subnet for the remote side of the connection. Multiple remote subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified.

Perfect Forward Secrecy

Activate or deactivate the Perfect Forward Secrecy option.

Note: The cloud platform being used will determine what the Perfect Forward Secrecy option should be set to. Perfect Forward Secrecy is needed for some platforms but is unsupported on others. To find out what will work with your cloud platform, refer to the IPsec Tunneling Feature Description document.

Local ID

Identification for the local side of the connection. This may be the local IP address. This field is automatically populated with the same address as the Local IP Address if the LoadMaster is not in HA mode.

If the LoadMaster is in HA mode, the Local ID field will be automatically set to %any. This value cannot be updated when the LoadMaster is in HA mode.

Remote ID

Identification for the remote side of the connection. This may be the remote IP address.

Pre Shared Key (PSK)

Enter the pre-shared key string.

Save Secret Information

Generate and save the connection identification and secret information.
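
An offline pre-check of the values entered on this screen, added here as an example and not part of the LoadMaster product or its documentation. The dictionary keys, function names and sample addresses are assumptions; it applies the 10-entry limit and the HA-mode Local ID rule described above, and also flags overlapping local and remote subnets, which is a general sanity check rather than a rule stated on this page.

```python
import ipaddress

MAX_ENTRIES = 10  # per the page: up to 10 addresses in each subnet field


def parse_subnets(field):
    """Split a comma-separated subnet field into ip_network objects."""
    entries = [e.strip() for e in field.split(",") if e.strip()]
    if not entries:
        raise ValueError("no subnet given")
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries, limit is {MAX_ENTRIES}")
    # Assumption: host bits must be clear (10.0.0.5/24 is rejected).
    # A bare address parses as a single-host /32 (or /128) network.
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def check_connection(conn):
    """Return a list of problems found in a dict of connection values."""
    problems = []
    parsed = {}
    for key in ("local_ip", "remote_ip"):
        try:
            ipaddress.ip_address(conn[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    for key in ("local_subnets", "remote_subnets"):
        try:
            parsed[key] = parse_subnets(conn[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    # Page rule: in HA mode the Local ID is fixed to %any.
    if conn.get("ha_mode") and conn["local_id"] != "%any":
        problems.append("local_id: must be %any in HA mode")
    # Added sanity check (not a rule stated on the page): overlapping
    # local and remote subnets make the tunnel's traffic selection ambiguous.
    for loc in parsed.get("local_subnets", []):
        for rem in parsed.get("remote_subnets", []):
            if loc.version == rem.version and loc.overlaps(rem):
                problems.append(f"overlap: local {loc} and remote {rem}")
    return problems


# Constructed sample values (private and documentation address ranges).
SAMPLE = {
    "local_ip": "10.1.0.20", "local_subnets": "10.1.0.20/32, 10.1.5.0/24",
    "remote_ip": "203.0.113.10", "remote_subnets": "10.2.0.0/16",
    "local_id": "10.1.0.20", "ha_mode": False,
}

if __name__ == "__main__":
    for line in check_connection(SAMPLE) or ["no problems found"]:
        print(line)
```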