az network vpn-connection
Manage VPN connections.
For more information on site-to-site connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli. For more information on Vnet-to-Vnet connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network vpn-connection create |
Create a VPN connection. |
Core | GA |
| az network vpn-connection delete |
Delete a VPN connection. |
Core | GA |
| az network vpn-connection ipsec-policy |
Manage VPN connection IPSec policies. |
Core | GA |
| az network vpn-connection ipsec-policy add |
Add a VPN connection IPSec policy. |
Core | GA |
| az network vpn-connection ipsec-policy clear |
Delete all IPsec policies on a VPN connection. |
Core | GA |
| az network vpn-connection ipsec-policy list |
List IPSec policies associated with a VPN connection. |
Core | GA |
| az network vpn-connection ipsec-policy wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vpn-connection list |
List all VPN connections. |
Core | GA |
| az network vpn-connection list-ike-sas |
List IKE Security Associations for a VPN connection. |
Core | Preview |
| az network vpn-connection packet-capture |
Manage packet capture on a VPN connection. |
Core | GA |
| az network vpn-connection packet-capture start |
Start packet capture on a VPN connection. |
Core | GA |
| az network vpn-connection packet-capture stop |
Stop packet capture on a VPN connection. |
Core | Preview |
| az network vpn-connection packet-capture wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
| az network vpn-connection shared-key |
Manage VPN shared keys. |
Core | GA |
| az network vpn-connection shared-key reset |
Reset a VPN connection shared key. |
Core | GA |
| az network vpn-connection shared-key show |
Retrieve a VPN connection shared key. |
Core | GA |
| az network vpn-connection shared-key update |
Update a VPN connection shared key. |
Core | GA |
| az network vpn-connection show |
Get the details of a VPN connection. |
Core | GA |
| az network vpn-connection show-device-config-script |
Get a XML format representation for VPN connection device configuration script. |
Core | Preview |
| az network vpn-connection update |
Update a VPN connection. |
Core | GA |
| az network vpn-connection wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network vpn-connection create
Create a VPN connection.
The VPN Gateway and Local Network Gateway must be provisioned before creating the connection between them.
az network vpn-connection create --name
--resource-group
--vnet-gateway1
[--authorization-key]
[--egress-nat-rule]
[--enable-bgp]
[--express-route-circuit2]
[--express-route-gateway-bypass {false, true}]
[--ingress-nat-rule]
[--local-gateway2]
[--location]
[--routing-weight]
[--shared-key]
[--tags]
[--use-policy-based-traffic-selectors {false, true}]
[--validate]
[--vnet-gateway2]Examples
Create a site-to-site connection between an Azure virtual network and an on-premises local network gateway.
az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123Create a VPN connection with --ingress-nat-rule.
az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123 --ingress-nat-rule /subscriptions/000/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/gwx/natRules/natCreate a VPN connection. (autogenerated)
az network vpn-connection create --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway --vnet-gateway2 /subscriptions/{subscriptionID}/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/VNet1GWCreate a VPN connection. (autogenerated)
az network vpn-connection create --local-gateway2 MyLocalGateway --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGatewayRequired Parameters
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of the source virtual network gateway.
Optional Parameters
The authorization key for the VPN connection.
List of egress NatRules.
Enable BGP for this VPN connection.
Name or ID of the destination ExpressRoute to connect to using an 'ExpressRoute' connection.
Bypass ExpressRoute gateway for data forwarding.
List of ingress NatRules.
Name or ID of the destination local network gateway to connect to using an 'IPSec' connection.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Connection routing weight.
Shared IPSec key.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Enable policy-based traffic selectors.
Display and validate the ARM template but do not create any resources.
Name or ID of the destination virtual network gateway to connect to using a 'Vnet2Vnet' connection.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection delete
Delete a VPN connection.
az network vpn-connection delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete a VPN connection.
az network vpn-connection delete -g MyResourceGroup -n MyConnectionOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection list
List all VPN connections.
az network vpn-connection list --resource-group
[--vnet-gateway]Examples
List all VPN connections in a resource group.
az network vpn-connection list -g MyResourceGroupList all VPN connections in a virtual network gateway.
az network vpn-connection list -g MyResourceGroup --vnet-gateway MyVnetGatewayRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Name of the VNet gateway.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection list-ike-sas
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List IKE Security Associations for a VPN connection.
az network vpn-connection list-ike-sas [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
List IKE Security Associations for a VPN connection.
az network vpn-connection list-ike-sas -g MyResourceGroup -n MyConnectionOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection show
Get the details of a VPN connection.
az network vpn-connection show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
View the details of a VPN connection.
az network vpn-connection show -g MyResourceGroup -n MyConnectionOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection show-device-config-script
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a XML format representation for VPN connection device configuration script.
az network vpn-connection show-device-config-script --device-family
--firmware-version
--vendor
[--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get a XML format representation for VPN connection device configuration script.
az network vpn-connection show-device-config-script -g MyResourceGroup -n MyConnection --vendor "Cisco" --device-family "Cisco-ISR(IOS)" --firmware-version "Cisco-ISR-15.x-- IKEv2+BGP"Required Parameters
The device family for the vpn device.
The firmware version for the vpn device.
The vendor for the vpn device.
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection update
Update a VPN connection.
az network vpn-connection update [--add]
[--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
[--express-route-gateway-bypass {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--routing-weight]
[--set]
[--shared-key]
[--subscription]
[--tags]
[--use-policy-based-traffic-selectors {0, 1, f, false, n, no, t, true, y, yes}]Examples
Add BGP to an existing connection.
az network vpn-connection update -g MyResourceGroup -n MyConnection --enable-bgp TrueUpdate a VPN connection.
az network vpn-connection update --name MyConnection --resource-group MyResourceGroup --use-policy-based-traffic-selectors trueOptional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Enable BGP (Border Gateway Protocol).
Bypass ExpressRoute gateway for data forwarding.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Connection routing weight.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Shared IPSec key.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable policy-based traffic selectors.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network vpn-connection wait
Place the CLI in a waiting state until a condition is met.
az network vpn-connection wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
