Create an Azure Virtual Network Gateway with Private IP enabled, using AZ cli

Kenneth Eschrich 20 Reputation points
2023-10-31T19:51:47.5033333+00:00

I am utilizing an IPsec VPN to encrypt traffic over an ExpressRoute. This is configured similarly to the documentation at https://learn.microsoft.com/en-us/azure/vpn-gateway/site-to-site-vpn-private-peering, and is working correctly.

Now, I am attempting to script the deployment such that no interaction with the Azure portal is required. Since our other scripts are utilizing the AZ CLI and not the PowerShell library, I would like to do the same here.

There is a section in the instructions above in which PowerShell is utilized to modify an existing VGW to enable private IP addressing:

$Gateway = Get-AzVirtualNetworkGateway -Name <name of gateway> -ResourceGroup <name of resource group>

Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -EnablePrivateIpAddress $true

I can find no equivalent way to do this using the AZ cli (or preferably create the VGW with private IPs enabled from the get-go).

Can anyone point me towards how to do this?

Thank you!

Azure VPN Gateway

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,706 Reputation points Microsoft Employee
    2023-11-16T00:01:54.07+00:00

    @Kenneth Eschrich

    Apologies for the delayed response here. We did not yet hear back from the team. Meanwhile, based on my search as well, I could not find a way to enable the private IP flag using CLI commands, and so I have filed a bug here on the AZ CLI repo. I also request you to file a feedback item on our feedback portal here.

    If it helps, you can use az rest to enable the private IP flag using the Virtual Network Gateways - Create Or Update REST API. Below is the sample script I created which you can use.

    In the script below, please add the variable values from your environment. Regarding the body.json file in the command below, the trick here is to perform a Virtual Network Gateways - Get REST API call, copy the response into Notepad, change the "enablePrivateIpAddress": true, as shown below, and save the file as body.json, which you will pass in the command (the file should be in the same directory).


    # Sign in and select the subscription that holds the gateway
    az login
    resourcegroup="YourRGName"
    vpnGatewayName="VPNGatewayName"
    subscriptionId="SUbID"
    az account set --subscription "$subscriptionId"
    # Access token for the Azure Resource Manager endpoint
    azureAccessToken=$(az account get-access-token --query accessToken -o tsv)

    # PUT the edited GET response (body.json in the current directory) back to the gateway
    az rest --method put \
    --url "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourcegroup/providers/Microsoft.Network/virtualNetworkGateways/$vpnGatewayName?api-version=2023-05-01" \
    --headers "Authorization=Bearer $azureAccessToken" "Content-Type=application/json" \
    --body @body.json

    I tried the script on my end and was successful in enabling the Gateway Private IP flag.


    Just one small note, any update on VPN Gateway can take a while to go through. Please make sure the "provisioningState" is in "Succeeded" state before making any updates.

    Hope this helps! Please let me know if you have any additional questions. Thank you!
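
The procedure from the accepted answer (GET the gateway, set the flag, PUT the document back, and only while "provisioningState" is "Succeeded"), scripted end to end without the manual Notepad step. This is an added example, not part of the original answer: the function names and the sample response are constructed for illustration, and it assumes `az` is on PATH (Linux/macOS) with `az login` already done.

```python
import json
import subprocess
import sys

API_VERSION = "2023-05-01"  # api-version used by the answer's script

# Constructed, heavily trimmed stand-in for a Virtual Network Gateways - Get response.
SAMPLE_GET = {
    "name": "example-vgw",
    "location": "eastus",
    "properties": {"provisioningState": "Succeeded", "gatewayType": "Vpn",
                   "enablePrivateIpAddress": False},
}

def gateway_url(subscription_id, resource_group, gateway_name):
    """ARM URL of the gateway, the same one the answer passes to az rest."""
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/resourceGroups/{resource_group}/providers/Microsoft.Network"
            f"/virtualNetworkGateways/{gateway_name}?api-version={API_VERSION}")

def build_put_body(current):
    """Copy a GET response and set enablePrivateIpAddress, leaving the rest as is."""
    state = current.get("properties", {}).get("provisioningState")
    if state != "Succeeded":  # the answer's note: no updates while one is in flight
        raise RuntimeError(f"provisioningState is {state!r}, expected 'Succeeded'")
    body = json.loads(json.dumps(current))  # deep copy of the JSON document
    body["properties"]["enablePrivateIpAddress"] = True
    return body

def az_rest(method, url, body=None):
    """Call `az rest`; for ARM URLs it attaches the signed-in account's token itself."""
    cmd = ["az", "rest", "--method", method, "--url", url]
    if body is not None:
        cmd += ["--body", json.dumps(body)]  # az rest takes a JSON string or @file
    done = subprocess.run(cmd, check=True, capture_output=True, text=True)
    return json.loads(done.stdout) if done.stdout.strip() else {}

def enable_private_ip(subscription_id, resource_group, gateway_name):
    """GET the gateway, flip the flag, PUT it back; returns the PUT response."""
    url = gateway_url(subscription_id, resource_group, gateway_name)
    return az_rest("put", url, build_put_body(az_rest("get", url)))

if __name__ == "__main__":
    if len(sys.argv) == 4:  # <subscriptionId> <resourceGroup> <gatewayName>
        result = enable_private_ip(*sys.argv[1:])
        print(result.get("properties", {}).get("provisioningState"))
    else:  # offline demonstration on the constructed sample
        print(json.dumps(build_put_body(SAMPLE_GET), indent=2))
```

Run with no arguments it only prints the edited sample body; with the three arguments it calls Azure and prints the state returned by the PUT.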
