Create an Azure Virtual Network Gateway with Private IP enabled, using AZ cli

Kenneth Eschrich 20 Reputation points

I am utilizing an IPsec VPN to encrypt traffic over an ExpressRoute. This is configured similarly to the documentation in, and is working correctly.

Now, I am attempting to script the deployment such that no interaction with the Azure portal is required. Since our other scripts are utilizing the AZ CLI and not the PowerShell library, I would like to do the same here.

There is a section in the instructions above in which PowerShell is utilized to modify an existing VGW to enable private IP addressing:

$Gateway = Get-AzVirtualNetworkGateway -Name <name of gateway> -ResourceGroup <name of resource group>

Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -EnablePrivateIpAddress $true

I can find no equivalent way to do this using the AZ cli (or preferably create the VGW with private IPs enabled from the get-go).

Can anyone point me towards how to do this?

Thank you!

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. ChaitanyaNaykodi-MSFT 17,896 Reputation points Microsoft Employee

    @Kenneth Eschrich

    Apologies for the delayed response here. We did not yet hear back from the team. Meanwhile, based on my search as well, I could not find a way to enable the private IP flag using CLI commands, and so I have filed a bug here on the AZ CLI repo. I also request you to file a feedback item on our feedback portal here.

    If it helps, you can use az rest to enable the private IP flag using the Virtual Network Gateways - Create Or Update REST API. Below is the sample script I created which you can use.

    In the script below, please add the variable values from your environment. Regarding the body.json file in the command below, the trick here is to perform a Virtual Network Gateways - Get REST API call, copy the response into Notepad, change it to "enablePrivateIpAddress": true, as shown below, and save the file as body.json, which you will pass in the command (the file should be in the same directory).


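    # Fill in the values from your environment (placeholders).
    subscriptionId="<subscription-id>"
    resourcegroup="<resource-group-name>"
    vpnGatewayName="<gateway-name>"

    az login
    az account set --subscription "$subscriptionId"
    # az rest attaches the signed-in credential for ARM URLs on its own; the explicit token is kept from the original script.
    azureAccessToken=$(az account get-access-token --query accessToken -o tsv)
    az rest --method put \
    --url "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourcegroup/providers/Microsoft.Network/virtualNetworkGateways/$vpnGatewayName?api-version=2023-05-01" \
    --headers "Authorization=Bearer $azureAccessToken" "Content-Type=application/json" \
    --body @body.json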

    I tried the script on my end and was successful in enabling the Gateway Private IP flag.


    Just one small note, any update on VPN Gateway can take a while to go through. Please make sure the "provisioningState" is in "Succeeded" state before making any updates.

    Hope this helps! Please let me know if you have any additional questions. Thank you!
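
The steps from the accepted answer (read the gateway, set the flag, PUT it back, wait for "provisioningState" to reach "Succeeded") as one script. This is an added example, not part of the original answer; the function names and the POLL_TRIES/POLL_DELAY variables are assumptions, and the body is edited with sed and grep instead of by hand.

```bash
# Added example (not the answerer's script); function names are illustrative.
# Assumes `az login` and `az account set` have already been run.
API_VERSION="2023-05-01"   # api-version used in the answer above

gateway_url() {  # args: subscriptionId resourceGroup gatewayName
  printf 'https://management.azure.com/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworkGateways/%s?api-version=%s' \
    "$1" "$2" "$3" "$API_VERSION"
}

# az rest attaches the signed-in credential for ARM URLs itself, so no
# bearer token has to be passed as a command-line argument.
provisioning_state() {  # arg: url
  az rest --method get --url "$1" --query properties.provisioningState -o tsv
}

# stdin: GET response; stdout: PUT body with the flag set. Fails closed
# when the flag is absent, so an unmodified body is never sent.
make_body() {
  local body
  body=$(sed -E 's/("enablePrivateIpAddress"[[:space:]]*:[[:space:]]*)false/\1true/')
  printf '%s\n' "$body" |
    grep -Eq '"enablePrivateIpAddress"[[:space:]]*:[[:space:]]*true' || return 1
  printf '%s\n' "$body"
}

# Poll until provisioningState is Succeeded; give up on Failed or timeout.
wait_succeeded() {  # args: url [tries] [delay_seconds]
  local tries delay state i
  tries=${2:-${POLL_TRIES:-60}}; delay=${3:-${POLL_DELAY:-30}}; i=0
  while [ "$i" -lt "$tries" ]; do
    state=$(provisioning_state "$1") || return 1
    [ "$state" = "Succeeded" ] && return 0
    [ "$state" = "Failed" ] && return 1
    sleep "$delay"; i=$((i + 1))
  done
  return 1
}

enable_private_ip() {  # args: subscriptionId resourceGroup gatewayName
  local url body
  url=$(gateway_url "$1" "$2" "$3")
  wait_succeeded "$url" 1 0 || { echo "gateway is not in Succeeded state" >&2; return 1; }
  body=$(az rest --method get --url "$url" | make_body) ||
    { echo "enablePrivateIpAddress not found in GET response" >&2; return 1; }
  az rest --method put --url "$url" --body "$body" >/dev/null || return 1
  wait_succeeded "$url"
}
```

Call it as `enable_private_ip "$subscriptionId" "$resourcegroup" "$vpnGatewayName"`; it returns non-zero without sending the PUT if the gateway is mid-update or the flag is missing from the GET response.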
