Share via

Virtual network gateway Sku specified is not valid for gateway

tstrong 45 Reputation points
2023-09-23T21:00:36.3+00:00

I would like to create a Basic (SKU) VPN gateway. The gateway is for 1 to 2 people that would need to connect using P2S for general Administration purposes. I originally used SKU VpnGw1 not realizing that it came with a price tag of $130 bucks a month.

When I try to create the VPN through PS I get the following error.

"InvalidGatewaySkuSpecifiedForGatewayDeploymentType"

I have tried multiple scripts and multiple IP's.

az network vnet-gateway create -n "vpn-basic-001" -l "westus3" --public-ip-address "pip-vpnGateway-001" -g "rg-001" --vnet "vnet-001" --vpn-gateway-generation Generation1 --gateway-type Vpn --sku Basic --vpn-type RouteBased

I tried creating a PolicyBased vpn gateway and received the following error.

"VmssVpnGatewayPublicIpsMustHaveZonesConfigured"

Any help would be appreciated.

Thanks!

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,463 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,311 questions
0 comments
Accepted answer
  1. TP 84,291 Reputation points
    2023-09-25T00:55:54.89+00:00

    Hi,

    Please see sample code below. I tested and was able to successfully create Basic VPN Gateway in West US 3.

    $location = "westus3"
$resourceGroup = "basic-vnet-gateway-group"
$vnetAddressSpace = "10.20.0.0/16"
$gatewaySubnet = "10.20.0.0/27"
New-AzResourceGroup -Name $resourceGroup -Location $location
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -AddressPrefix $gatewaySubnet
$vngwPIP = New-AzPublicIpAddress -Name myvngw-ip -ResourceGroupName $resourceGroup -Location $location -Sku Basic -AllocationMethod Dynamic
$vnet = New-AzVirtualNetwork -Name myvngw-vnet -ResourceGroupName $resourceGroup -Location $location -AddressPrefix $vnetAddressSpace -Subnet $subnetConfig
$subnet = Get-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet
$vngwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name vngwipconfig -SubnetId $subnet.Id -PublicIpAddressId $vngwPIP.Id
New-AzVirtualNetworkGateway -Name myvngw-gw -ResourceGroupName $resourceGroup -Location $location -IpConfigurations $vngwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku Basic

    Please click Accept Answer if above was helpful.

    Thanks.

    -TP

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luke Murray 10,896 Reputation points MVP
    2023-09-24T01:54:48.8133333+00:00

    Hi, tsstrong.

    Something to note:

    The P2S isn't supported on a basic SKU, at least the OpenVPN IKEv2/OpenVPN connection, which it the most common supported P2S VPN connection type:

    User's image

    User's image

    Reference: Gateway SKUs by tunnel, connection, and throughput

    Reference: Transition to OpenVPN protocol or IKEv2 from SSTP

    PolicyBased VPNs can only be used on the Basic gateway SKU. This VPN type is not compatible with other gateway SKUs.
    Refer : https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#vpntype