Azure Load Master not working

0

I recently started playing with Azure. I started with something simple like creating a Site to Site VPN. Then I moved to creating a VM to run IIS. All of that went well and I was very please with the outcome. Next, I decided to try and add a Kemp load balancer into Azure. I got the load balancer to install ok. It has a single NIC and I was able to get it to talk to some of my on-premise servers so I thought it would be pretty easy to start load balancing a test site behind it. I added a couple of more IPconfigs to the NIC and paired Public IP addresses with them. I already had a DNS entry for www so I start there. I created the rule just like I have it on my on-premise Kemp. Then I updated the external DNS entry to point to one of the public IP addresses assigned to the Azure Kemp. However, I have yet to be able to pull up the site from a system not attached to my network. The Azure Kemp can see my on-premise and if I update my internal DNS to point to the private IP for the rule it works just fine. I know I am missing something, some stupid switch that needs to be flipped because they are not on the same network or something simple like that. 

 

Any suggestion of things to look at would be appreciated. 

3 comments

Avatar
Nick Smylie Official comment

Hi Joshua,

Did you map your public IP to a private IP in your network security group?  We have a article below that explains adding another PiP to your LoadMaster.

(invalid link removed)

It may be a little out dated with how Azure looks now but the concept should be the same.  Let me know if that works out.

Avatar
0
joshua.gibson

Nick,

 

Yes, the Public IP addresses are mapped to the private. This doesn't seem to be a network connectivity issue. I noticed last night while doing some more troubleshooting that if I turn off SNI on the IIS server it works okay but as soon as I turn it back on it doesn't.

Avatar
0
Nick Smylie

Hi Joshua,

Good stuff.  So are you SSL offloading on the LoadMaster?  If so, does it work if you turn it off?  On top of that if you turn it back on there is an option within SSL properties to specify a Reencryption SNI Hostname.  The LoadMaster will then use an SNI on reencryption, if you do not specify one, there is not one sent in the client hello.