Freigeben über

Vpn Connections - Create Or Update

  • Reference
Service:
Virtual WAN
API Version:
2024-03-01

Creates a vpn connection to a scalable vpn gateway if it doesn't exist else updates the existing connection.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/vpnGateways/{gatewayName}/vpnConnections/{connectionName}?api-version=2024-03-01

URI Parameters

Name In Required Type Description
connectionName
 path True

string

The name of the connection.
gatewayName
 path True

string

The name of the gateway.
resourceGroupName
 path True

string

The resource group name of the VpnGateway.
subscriptionId
 path True

string

The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version
 query True

string

Client API version.

Request Body

Name Type Description
id

string

Resource ID.
name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.connectionBandwidth

integer

Expected bandwidth in MBPS.
properties.dpdTimeoutSeconds

integer

DPD timeout in seconds for vpn connection.
properties.enableBgp

boolean

EnableBgp flag.
properties.enableInternetSecurity

boolean

Enable internet security.
properties.enableRateLimiting

boolean

EnableBgp flag.
properties.ipsecPolicies

IpsecPolicy[]

The IPSec Policies to be considered by this connection.
properties.remoteVpnSite

SubResource

Id of the connected vpn site.
properties.routingConfiguration

RoutingConfiguration

The Routing Configuration indicating the associated and propagated route tables on this connection.
properties.routingWeight

integer

Routing weight for vpn connection.
properties.sharedKey

string

SharedKey for the vpn connection.
properties.trafficSelectorPolicies

TrafficSelectorPolicy[]

The Traffic Selector Policies to be considered by this connection.
properties.useLocalAzureIpAddress

boolean

Use local azure ip to initiate connection.
properties.usePolicyBasedTrafficSelectors

boolean

Enable policy-based traffic selectors.
properties.vpnConnectionProtocolType

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.
properties.vpnLinkConnections

VpnSiteLinkConnection[]

List of all vpn site link connections to the gateway.

Responses

Name Type Description
200 OK

VpnConnection

Request successful. Returns the details of the vpn connection created or updated.
201 Created

VpnConnection

Request successful. Returns the details of the vpn connection created or updated.
Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

VpnConnectionPut

Sample request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1?api-version=2024-03-01

{
  "properties": {
    "remoteVpnSite": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1"
    },
    "vpnLinkConnections": [
      {
        "name": "Connection-Link1",
        "properties": {
          "vpnSiteLink": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1/vpnSiteLinks/siteLink1"
          },
          "connectionBandwidth": 200,
          "vpnConnectionProtocolType": "IKEv2",
          "sharedKey": "key",
          "vpnLinkConnectionMode": "Default",
          "usePolicyBasedTrafficSelectors": false
        }
      }
    ],
    "routingConfiguration": {
      "associatedRouteTable": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
      },
      "propagatedRouteTables": {
        "labels": [
          "label1",
          "label2"
        ],
        "ids": [
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable2"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable3"
          }
        ]
      },
      "inboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap1"
      },
      "outboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap2"
      }
    },
    "trafficSelectorPolicies": []
  }
}

Sample response

Status code:
200 
{
  "name": "vpnConnection1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "remoteVpnSite": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1"
    },
    "enableInternetSecurity": false,
    "ingressBytesTransferred": 0,
    "egressBytesTransferred": 0,
    "vpnLinkConnections": [
      {
        "name": "Connection-Link1",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/VpnSiteLinkConnections/Connection-Link1",
        "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
        "type": "Microsoft.Network/vpnGateways/vpnConnections/VpnSiteLinkConnections",
        "properties": {
          "provisioningState": "Succeeded",
          "vpnSiteLink": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1/vpnSiteLinks/siteLink1"
          },
          "connectionBandwidth": 200,
          "ipsecPolicies": [],
          "vpnConnectionProtocolType": "IKEv2",
          "sharedKey": "key",
          "ingressBytesTransferred": 0,
          "egressBytesTransferred": 0,
          "enableBgp": false,
          "enableRateLimiting": false,
          "useLocalAzureIpAddress": false,
          "usePolicyBasedTrafficSelectors": false,
          "routingWeight": 0,
          "vpnLinkConnectionMode": "Default"
        }
      }
    ],
    "routingConfiguration": {
      "associatedRouteTable": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
      },
      "propagatedRouteTables": {
        "labels": [
          "label1",
          "label2"
        ],
        "ids": [
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable2"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable3"
          }
        ]
      },
      "inboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap1"
      },
      "outboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap2"
      }
    },
    "trafficSelectorPolicies": []
  }
}
Status code:
201 
{
  "name": "vpnConnection1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "remoteVpnSite": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1"
    },
    "enableInternetSecurity": false,
    "ingressBytesTransferred": 0,
    "egressBytesTransferred": 0,
    "vpnLinkConnections": [
      {
        "name": "Connection-Link1",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/VpnSiteLinkConnections/Connection-Link1",
        "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
        "properties": {
          "provisioningState": "Succeeded",
          "vpnSiteLink": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1/vpnSiteLinks/siteLink1"
          },
          "connectionBandwidth": 200,
          "ipsecPolicies": [],
          "vpnConnectionProtocolType": "IKEv2",
          "sharedKey": "key",
          "ingressBytesTransferred": 0,
          "egressBytesTransferred": 0,
          "enableBgp": false,
          "enableRateLimiting": false,
          "useLocalAzureIpAddress": false,
          "usePolicyBasedTrafficSelectors": false,
          "routingWeight": 0,
          "vpnLinkConnectionMode": "Default"
        }
      }
    ],
    "routingConfiguration": {
      "associatedRouteTable": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
      },
      "propagatedRouteTables": {
        "labels": [
          "label1",
          "label2"
        ],
        "ids": [
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable1"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable2"
          },
          {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1/hubRouteTables/hubRouteTable3"
          }
        ]
      },
      "inboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap1"
      },
      "outboundRouteMap": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/routeMaps/routeMap2"
      }
    },
    "trafficSelectorPolicies": []
  }
}

Definitions

Name Description
CloudError

An error response from the service.
CloudErrorBody

An error response from the service.
DhGroup

The DH Groups used in IKE Phase 1 for initial SA.
GatewayCustomBgpIpAddressIpConfiguration

GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.
IkeEncryption

The IKE encryption algorithm (IKE phase 2).
IkeIntegrity

The IKE integrity algorithm (IKE phase 2).
IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).
IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).
IpsecPolicy

An IPSec Policy configuration for a virtual network gateway connection.
PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.
PropagatedRouteTable

The list of RouteTables to advertise the routes to.
ProvisioningState

The current provisioning state.
RoutingConfiguration

Routing Configuration indicating the associated and propagated route tables for this connection.
StaticRoute

List of all Static Routes.
StaticRoutesConfig

Configuration for static routes on this HubVnetConnectionConfiguration for static routes on this HubVnetConnection.
SubResource

Reference to another subresource.
TrafficSelectorPolicy

An traffic selector policy for a virtual network gateway connection.
VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.
VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke vnet.
VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.
VpnConnection

VpnConnection Resource.
VpnConnectionStatus

The current state of the vpn connection.
VpnLinkConnectionMode

Vpn link connection mode.
VpnSiteLinkConnection

VpnSiteLinkConnection Resource.

CloudError

An error response from the service.

Name Type Description
error

CloudErrorBody

Cloud error body.

CloudErrorBody

An error response from the service.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details

CloudErrorBody[]

A list of additional details about the error.
message

string

A message describing the error, intended to be suitable for display in a user interface.
target

string

The target of the particular error. For example, the name of the property in error.

DhGroup

The DH Groups used in IKE Phase 1 for initial SA.

Name Type Description
DHGroup1

string

DHGroup14

string

DHGroup2

string

DHGroup2048

string

DHGroup24

string

ECP256

string

ECP384

string

None

string

GatewayCustomBgpIpAddressIpConfiguration

GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.

Name Type Description
customBgpIpAddress

string

The custom BgpPeeringAddress which belongs to IpconfigurationId.
ipConfigurationId

string

The IpconfigurationId of ipconfiguration which belongs to gateway.

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

Name Type Description
AES128

string

AES192

string

AES256

string

DES

string

DES3

string

GCMAES128

string

GCMAES256

string

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

Name Type Description
GCMAES128

string

GCMAES256

string

MD5

string

SHA1

string

SHA256

string

SHA384

string

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

Name Type Description
AES128

string

AES192

string

AES256

string

DES

string

DES3

string

GCMAES128

string

GCMAES192

string

GCMAES256

string

None

string

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

Name Type Description
GCMAES128

string

GCMAES192

string

GCMAES256

string

MD5

string

SHA1

string

SHA256

string

IpsecPolicy

An IPSec Policy configuration for a virtual network gateway connection.

Name Type Description
dhGroup

DhGroup

The DH Group used in IKE Phase 1 for initial SA.
ikeEncryption

IkeEncryption

The IKE encryption algorithm (IKE phase 2).
ikeIntegrity

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).
ipsecEncryption

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).
ipsecIntegrity

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).
pfsGroup

PfsGroup

The Pfs Group used in IKE Phase 2 for new child SA.
saDataSizeKilobytes

integer

The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
saLifeTimeSeconds

integer

The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.

PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.

Name Type Description
ECP256

string

ECP384

string

None

string

PFS1

string

PFS14

string

PFS2

string

PFS2048

string

PFS24

string

PFSMM

string

PropagatedRouteTable

The list of RouteTables to advertise the routes to.

Name Type Description
ids

SubResource[]

The list of resource ids of all the RouteTables.
labels

string[]

The list of labels.

ProvisioningState

The current provisioning state.

Name Type Description
Deleting

string

Failed

string

Succeeded

string

Updating

string

RoutingConfiguration

Routing Configuration indicating the associated and propagated route tables for this connection.

Name Type Description
associatedRouteTable

SubResource

The resource id RouteTable associated with this RoutingConfiguration.
inboundRouteMap

SubResource

The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes.
outboundRouteMap

SubResource

The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes.
propagatedRouteTables

PropagatedRouteTable

The list of RouteTables to advertise the routes to.
vnetRoutes

VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.

StaticRoute

List of all Static Routes.

Name Type Description
addressPrefixes

string[]

List of all address prefixes.
name

string

The name of the StaticRoute that is unique within a VnetRoute.
nextHopIpAddress

string

The ip address of the next hop.

StaticRoutesConfig

Configuration for static routes on this HubVnetConnectionConfiguration for static routes on this HubVnetConnection.

Name Type Description
propagateStaticRoutes

boolean

Boolean indicating whether static routes on this connection are automatically propagate to route tables which this connection propagates to.
vnetLocalRouteOverrideCriteria

VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke.

SubResource

Reference to another subresource.

Name Type Description
id

string

Resource ID.

TrafficSelectorPolicy

An traffic selector policy for a virtual network gateway connection.

Name Type Description
localAddressRanges

string[]

A collection of local address spaces in CIDR format.
remoteAddressRanges

string[]

A collection of remote address spaces in CIDR format.

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

Name Type Description
IKEv1

string

IKEv2

string

VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke vnet.

Name Type Description
Contains

string

Equal

string

VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.

Name Type Description
bgpConnections

SubResource[]

The list of references to HubBgpConnection objects.
staticRoutes

StaticRoute[]

List of all Static Routes.
staticRoutesConfig

StaticRoutesConfig

Configuration for static routes on this HubVnetConnection.

VpnConnection

VpnConnection Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.
id

string

Resource ID.
name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.connectionBandwidth

integer

Expected bandwidth in MBPS.
properties.connectionStatus

VpnConnectionStatus

The connection status.
properties.dpdTimeoutSeconds

integer

DPD timeout in seconds for vpn connection.
properties.egressBytesTransferred

integer

Egress bytes transferred.
properties.enableBgp

boolean

EnableBgp flag.
properties.enableInternetSecurity

boolean

Enable internet security.
properties.enableRateLimiting

boolean

EnableBgp flag.
properties.ingressBytesTransferred

integer

Ingress bytes transferred.
properties.ipsecPolicies

IpsecPolicy[]

The IPSec Policies to be considered by this connection.
properties.provisioningState

ProvisioningState

The provisioning state of the VPN connection resource.
properties.remoteVpnSite

SubResource

Id of the connected vpn site.
properties.routingConfiguration

RoutingConfiguration

The Routing Configuration indicating the associated and propagated route tables on this connection.
properties.routingWeight

integer

Routing weight for vpn connection.
properties.sharedKey

string

SharedKey for the vpn connection.
properties.trafficSelectorPolicies

TrafficSelectorPolicy[]

The Traffic Selector Policies to be considered by this connection.
properties.useLocalAzureIpAddress

boolean

Use local azure ip to initiate connection.
properties.usePolicyBasedTrafficSelectors

boolean

Enable policy-based traffic selectors.
properties.vpnConnectionProtocolType

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.
properties.vpnLinkConnections

VpnSiteLinkConnection[]

List of all vpn site link connections to the gateway.

VpnConnectionStatus

The current state of the vpn connection.

Name Type Description
Connected

string

Connecting

string

NotConnected

string

Unknown

string

VpnLinkConnectionMode

Vpn link connection mode.

Name Type Description
Default

string

InitiatorOnly

string

ResponderOnly

string

VpnSiteLinkConnection

VpnSiteLinkConnection Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.
id

string

Resource ID.
name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.connectionBandwidth

integer

Expected bandwidth in MBPS.
properties.connectionStatus

VpnConnectionStatus

The connection status.
properties.dpdTimeoutSeconds

integer

Dead Peer Detection timeout in seconds for VpnLink connection.
properties.egressBytesTransferred

integer

Egress bytes transferred.
properties.egressNatRules

SubResource[]

List of egress NatRules.
properties.enableBgp

boolean

EnableBgp flag.
properties.enableRateLimiting

boolean

EnableBgp flag.
properties.ingressBytesTransferred

integer

Ingress bytes transferred.
properties.ingressNatRules

SubResource[]

List of ingress NatRules.
properties.ipsecPolicies

IpsecPolicy[]

The IPSec Policies to be considered by this connection.
properties.provisioningState

ProvisioningState

The provisioning state of the VPN site link connection resource.
properties.routingWeight

integer

Routing weight for vpn connection.
properties.sharedKey

string

SharedKey for the vpn connection.
properties.useLocalAzureIpAddress

boolean

Use local azure ip to initiate connection.
properties.usePolicyBasedTrafficSelectors

boolean

Enable policy-based traffic selectors.
properties.vpnConnectionProtocolType

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.
properties.vpnGatewayCustomBgpAddresses

GatewayCustomBgpIpAddressIpConfiguration[]

vpnGatewayCustomBgpAddresses used by this connection.
properties.vpnLinkConnectionMode

VpnLinkConnectionMode

Vpn link connection mode.
properties.vpnSiteLink

SubResource

Id of the connected vpn site link.
type

string

Resource type.