Configure the LoadMaster

A connection end point must be added in the LoadMaster for tunneling to work. Follow the steps below to configure the LoadMaster settings:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Route Management > VPN Management.

   

2. Enter a unique and recognizable Connection Name and click Create.

   

3. Enter the IP address for the local side of the connection in the Local IP Address text box and click Set Local IP Address.
   Note: In non-HA mode, the Local IP Address should be the LoadMaster IP address, that is, the IP address of the default gateway interface.

   Note: In HA-mode, the Local IP Address should be the shared IP address. This will be automatically populated if HA has already been configured. For more information on setting up tunneling in a HA configuration, refer to the next section.
4. When the Local IP Address is set, the Local Subnet Address will be automatically populated. Review the Local Subnet Address and update it if needed. Ensure to click Set Local Subnet Address to apply the setting, whether the address has been changed or not. Multiple local subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified.
5. The local IP can be the only participant if applicable, given the /32 CIDR. Enter the IP address of the remote side of the connection in the Remote IP Address text box and click Set Remote IP Address.
   Note: In the context of an Azure endpoint, this IP address is expected to be the public-facing IP address for the VPN Gateway device. For instructions on how to get this IP address, refer to Microsoft - Configure a Virtual Network Gateway in the Management Portal.
6. Enter the Remote Subnet Address and click Set Remote Subnet Address. Multiple remote subnets can be specified using a comma-separated list. Up to 10 IP addresses can be specified.
7. Either enable or disable Perfect Forward Secrecy.
   Note: The cloud platform being used will determine what the Perfect Forward Secrecy option should be set to. Perfect Forward Secrecy is needed for some platforms but is unsupported on others. To find out what will work with your cloud platform, refer to the Prerequisites section.
8. By default, the Local ID text box is populated with the Local IP Address when the Set Local IP Address button is clicked. Review and update this address, if needed.
   Note: This may be the local IP address.

   Note: If the LoadMaster is in HA mode, the Local ID field will be automatically set to %any. This value cannot be updated when the LoadMaster is in HA mode.
9. Enter identification for the remote side of the connection.
   Note: This may be the remote IP address.
10. Enter the pre-shared key string in the Pre-Shared Key (PSK) text box.
    Note: If you are upgrading the LoadMaster firmware from a version older than 7.2.41 to version 7.2.41 or above, we recommend re-entering the PSK to encrypt it.
    Note: This is the Shared key which is generated and managed on the Azure side, as outlined in Microsoft - Configure a Virtual Network Gateway in the Management Portal. It must be taken from Azure and entered in the Pre-Shared Key (PSK) text box in the LoadMaster WUI.
11. Click Save Secret Information to generate and save the connection identification and secret information.
12. Go back to the VPN Management screen.