Microsoft.Network connections 2021-05-01
- Latest
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The connections resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/connections@2021-05-01' = {
location: 'string'
name: 'string'
properties: {
authorizationKey: 'string'
connectionMode: 'string'
connectionProtocol: 'string'
connectionType: 'string'
dpdTimeoutSeconds: int
egressNatRules: [
{
id: 'string'
}
]
enableBgp: bool
expressRouteGatewayBypass: bool
ingressNatRules: [
{
id: 'string'
}
]
ipsecPolicies: [
{
dhGroup: 'string'
ikeEncryption: 'string'
ikeIntegrity: 'string'
ipsecEncryption: 'string'
ipsecIntegrity: 'string'
pfsGroup: 'string'
saDataSizeKilobytes: int
saLifeTimeSeconds: int
}
]
localNetworkGateway2: {
id: 'string'
location: 'string'
properties: {
bgpSettings: {
asn: int
bgpPeeringAddress: 'string'
bgpPeeringAddresses: [
{
customBgpIpAddresses: [
'string'
]
ipconfigurationId: 'string'
}
]
peerWeight: int
}
fqdn: 'string'
gatewayIpAddress: 'string'
localNetworkAddressSpace: {
addressPrefixes: [
'string'
]
}
}
tags: {
{customized property}: 'string'
}
}
peer: {
id: 'string'
}
routingWeight: int
sharedKey: 'string'
trafficSelectorPolicies: [
{
localAddressRanges: [
'string'
]
remoteAddressRanges: [
'string'
]
}
]
useLocalAzureIpAddress: bool
usePolicyBasedTrafficSelectors: bool
virtualNetworkGateway1: {
extendedLocation: {
name: 'string'
type: 'string'
}
id: 'string'
location: 'string'
properties: {
activeActive: bool
bgpSettings: {
asn: int
bgpPeeringAddress: 'string'
bgpPeeringAddresses: [
{
customBgpIpAddresses: [
'string'
]
ipconfigurationId: 'string'
}
]
peerWeight: int
}
customRoutes: {
addressPrefixes: [
'string'
]
}
disableIPSecReplayProtection: bool
enableBgp: bool
enableBgpRouteTranslationForNat: bool
enableDnsForwarding: bool
enablePrivateIpAddress: bool
gatewayDefaultSite: {
id: 'string'
}
gatewayType: 'string'
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
privateIPAllocationMethod: 'string'
publicIPAddress: {
id: 'string'
}
subnet: {
id: 'string'
}
}
}
]
natRules: [
{
id: 'string'
name: 'string'
properties: {
externalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
internalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
ipConfigurationId: 'string'
mode: 'string'
type: 'string'
}
}
]
sku: {
name: 'string'
tier: 'string'
}
vNetExtendedLocationResourceId: 'string'
vpnClientConfiguration: {
aadAudience: 'string'
aadIssuer: 'string'
aadTenant: 'string'
radiusServerAddress: 'string'
radiusServers: [
{
radiusServerAddress: 'string'
radiusServerScore: int
radiusServerSecret: 'string'
}
]
radiusServerSecret: 'string'
vpnAuthenticationTypes: [
'string'
]
vpnClientAddressPool: {
addressPrefixes: [
'string'
]
}
vpnClientIpsecPolicies: [
{
dhGroup: 'string'
ikeEncryption: 'string'
ikeIntegrity: 'string'
ipsecEncryption: 'string'
ipsecIntegrity: 'string'
pfsGroup: 'string'
saDataSizeKilobytes: int
saLifeTimeSeconds: int
}
]
vpnClientProtocols: [
'string'
]
vpnClientRevokedCertificates: [
{
id: 'string'
name: 'string'
properties: {
thumbprint: 'string'
}
}
]
vpnClientRootCertificates: [
{
id: 'string'
name: 'string'
properties: {
publicCertData: 'string'
}
}
]
}
vpnGatewayGeneration: 'string'
vpnType: 'string'
}
tags: {
{customized property}: 'string'
}
}
virtualNetworkGateway2: {
extendedLocation: {
name: 'string'
type: 'string'
}
id: 'string'
location: 'string'
properties: {
activeActive: bool
bgpSettings: {
asn: int
bgpPeeringAddress: 'string'
bgpPeeringAddresses: [
{
customBgpIpAddresses: [
'string'
]
ipconfigurationId: 'string'
}
]
peerWeight: int
}
customRoutes: {
addressPrefixes: [
'string'
]
}
disableIPSecReplayProtection: bool
enableBgp: bool
enableBgpRouteTranslationForNat: bool
enableDnsForwarding: bool
enablePrivateIpAddress: bool
gatewayDefaultSite: {
id: 'string'
}
gatewayType: 'string'
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
privateIPAllocationMethod: 'string'
publicIPAddress: {
id: 'string'
}
subnet: {
id: 'string'
}
}
}
]
natRules: [
{
id: 'string'
name: 'string'
properties: {
externalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
internalMappings: [
{
addressSpace: 'string'
portRange: 'string'
}
]
ipConfigurationId: 'string'
mode: 'string'
type: 'string'
}
}
]
sku: {
name: 'string'
tier: 'string'
}
vNetExtendedLocationResourceId: 'string'
vpnClientConfiguration: {
aadAudience: 'string'
aadIssuer: 'string'
aadTenant: 'string'
radiusServerAddress: 'string'
radiusServers: [
{
radiusServerAddress: 'string'
radiusServerScore: int
radiusServerSecret: 'string'
}
]
radiusServerSecret: 'string'
vpnAuthenticationTypes: [
'string'
]
vpnClientAddressPool: {
addressPrefixes: [
'string'
]
}
vpnClientIpsecPolicies: [
{
dhGroup: 'string'
ikeEncryption: 'string'
ikeIntegrity: 'string'
ipsecEncryption: 'string'
ipsecIntegrity: 'string'
pfsGroup: 'string'
saDataSizeKilobytes: int
saLifeTimeSeconds: int
}
]
vpnClientProtocols: [
'string'
]
vpnClientRevokedCertificates: [
{
id: 'string'
name: 'string'
properties: {
thumbprint: 'string'
}
}
]
vpnClientRootCertificates: [
{
id: 'string'
name: 'string'
properties: {
publicCertData: 'string'
}
}
]
}
vpnGatewayGeneration: 'string'
vpnType: 'string'
}
tags: {
{customized property}: 'string'
}
}
}
tags: {
{customized property}: 'string'
}
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
LocalNetworkGateway
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the local network gateway. | LocalNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
LocalNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings |
fqdn | FQDN of local network gateway. | string |
gatewayIpAddress | IP address of local network gateway. | string |
localNetworkAddressSpace | Local network site address space. | AddressSpace |
Microsoft.Network/connections
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway connection. | VirtualNetworkGatewayConnectionPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
TrafficSelectorPolicy
Name | Description | Value |
---|---|---|
localAddressRanges | A collection of local address spaces in CIDR format. | string[] (required) |
remoteAddressRanges | A collection of remote address spaces in CIDR format. | string[] (required) |
VirtualNetworkGateway
Name | Description | Value |
---|---|---|
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
VirtualNetworkGatewayConnectionPropertiesFormat
Name | Description | Value |
---|---|---|
authorizationKey | The authorizationKey. | string |
connectionMode | The connection mode for this connection. | 'Default' 'InitiatorOnly' 'ResponderOnly' |
connectionProtocol | Connection protocol used for this connection. | 'IKEv1' 'IKEv2' |
connectionType | Gateway connection type. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) |
dpdTimeoutSeconds | The dead peer detection timeout of this connection in seconds. | int |
egressNatRules | List of egress NatRules. | SubResource[] |
enableBgp | EnableBgp flag. | bool |
expressRouteGatewayBypass | Bypass ExpressRoute Gateway for data forwarding. | bool |
ingressNatRules | List of ingress NatRules. | SubResource[] |
ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] |
localNetworkGateway2 | The reference to local network gateway resource. | LocalNetworkGateway |
peer | The reference to peerings resource. | SubResource |
routingWeight | The routing weight. | int |
sharedKey | The IPSec shared key. | string |
trafficSelectorPolicies | The Traffic Selector Policies to be considered by this connection. | TrafficSelectorPolicy[] |
useLocalAzureIpAddress | Use private local Azure IP for the connection. | bool |
usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool |
virtualNetworkGateway1 | The reference to virtual network gateway resource. | VirtualNetworkGateway (required) |
virtualNetworkGateway2 | The reference to virtual network gateway resource. | VirtualNetworkGateway |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Create a BGP VNET to VNET connection | This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
Site-to-Site VPN with active-active VPN Gateways with BGP | This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
ARM template resource definition
The connections resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following JSON to your template.
{
"type": "Microsoft.Network/connections",
"apiVersion": "2021-05-01",
"name": "string",
"location": "string",
"properties": {
"authorizationKey": "string",
"connectionMode": "string",
"connectionProtocol": "string",
"connectionType": "string",
"dpdTimeoutSeconds": "int",
"egressNatRules": [
{
"id": "string"
}
],
"enableBgp": "bool",
"expressRouteGatewayBypass": "bool",
"ingressNatRules": [
{
"id": "string"
}
],
"ipsecPolicies": [
{
"dhGroup": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"pfsGroup": "string",
"saDataSizeKilobytes": "int",
"saLifeTimeSeconds": "int"
}
],
"localNetworkGateway2": {
"id": "string",
"location": "string",
"properties": {
"bgpSettings": {
"asn": "int",
"bgpPeeringAddress": "string",
"bgpPeeringAddresses": [
{
"customBgpIpAddresses": [ "string" ],
"ipconfigurationId": "string"
}
],
"peerWeight": "int"
},
"fqdn": "string",
"gatewayIpAddress": "string",
"localNetworkAddressSpace": {
"addressPrefixes": [ "string" ]
}
},
"tags": {
"{customized property}": "string"
}
},
"peer": {
"id": "string"
},
"routingWeight": "int",
"sharedKey": "string",
"trafficSelectorPolicies": [
{
"localAddressRanges": [ "string" ],
"remoteAddressRanges": [ "string" ]
}
],
"useLocalAzureIpAddress": "bool",
"usePolicyBasedTrafficSelectors": "bool",
"virtualNetworkGateway1": {
"extendedLocation": {
"name": "string",
"type": "string"
},
"id": "string",
"location": "string",
"properties": {
"activeActive": "bool",
"bgpSettings": {
"asn": "int",
"bgpPeeringAddress": "string",
"bgpPeeringAddresses": [
{
"customBgpIpAddresses": [ "string" ],
"ipconfigurationId": "string"
}
],
"peerWeight": "int"
},
"customRoutes": {
"addressPrefixes": [ "string" ]
},
"disableIPSecReplayProtection": "bool",
"enableBgp": "bool",
"enableBgpRouteTranslationForNat": "bool",
"enableDnsForwarding": "bool",
"enablePrivateIpAddress": "bool",
"gatewayDefaultSite": {
"id": "string"
},
"gatewayType": "string",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
}
}
],
"natRules": [
{
"id": "string",
"name": "string",
"properties": {
"externalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"internalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"ipConfigurationId": "string",
"mode": "string",
"type": "string"
}
}
],
"sku": {
"name": "string",
"tier": "string"
},
"vNetExtendedLocationResourceId": "string",
"vpnClientConfiguration": {
"aadAudience": "string",
"aadIssuer": "string",
"aadTenant": "string",
"radiusServerAddress": "string",
"radiusServers": [
{
"radiusServerAddress": "string",
"radiusServerScore": "int",
"radiusServerSecret": "string"
}
],
"radiusServerSecret": "string",
"vpnAuthenticationTypes": [ "string" ],
"vpnClientAddressPool": {
"addressPrefixes": [ "string" ]
},
"vpnClientIpsecPolicies": [
{
"dhGroup": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"pfsGroup": "string",
"saDataSizeKilobytes": "int",
"saLifeTimeSeconds": "int"
}
],
"vpnClientProtocols": [ "string" ],
"vpnClientRevokedCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"thumbprint": "string"
}
}
],
"vpnClientRootCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"publicCertData": "string"
}
}
]
},
"vpnGatewayGeneration": "string",
"vpnType": "string"
},
"tags": {
"{customized property}": "string"
}
},
"virtualNetworkGateway2": {
"extendedLocation": {
"name": "string",
"type": "string"
},
"id": "string",
"location": "string",
"properties": {
"activeActive": "bool",
"bgpSettings": {
"asn": "int",
"bgpPeeringAddress": "string",
"bgpPeeringAddresses": [
{
"customBgpIpAddresses": [ "string" ],
"ipconfigurationId": "string"
}
],
"peerWeight": "int"
},
"customRoutes": {
"addressPrefixes": [ "string" ]
},
"disableIPSecReplayProtection": "bool",
"enableBgp": "bool",
"enableBgpRouteTranslationForNat": "bool",
"enableDnsForwarding": "bool",
"enablePrivateIpAddress": "bool",
"gatewayDefaultSite": {
"id": "string"
},
"gatewayType": "string",
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"id": "string"
},
"subnet": {
"id": "string"
}
}
}
],
"natRules": [
{
"id": "string",
"name": "string",
"properties": {
"externalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"internalMappings": [
{
"addressSpace": "string",
"portRange": "string"
}
],
"ipConfigurationId": "string",
"mode": "string",
"type": "string"
}
}
],
"sku": {
"name": "string",
"tier": "string"
},
"vNetExtendedLocationResourceId": "string",
"vpnClientConfiguration": {
"aadAudience": "string",
"aadIssuer": "string",
"aadTenant": "string",
"radiusServerAddress": "string",
"radiusServers": [
{
"radiusServerAddress": "string",
"radiusServerScore": "int",
"radiusServerSecret": "string"
}
],
"radiusServerSecret": "string",
"vpnAuthenticationTypes": [ "string" ],
"vpnClientAddressPool": {
"addressPrefixes": [ "string" ]
},
"vpnClientIpsecPolicies": [
{
"dhGroup": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"pfsGroup": "string",
"saDataSizeKilobytes": "int",
"saLifeTimeSeconds": "int"
}
],
"vpnClientProtocols": [ "string" ],
"vpnClientRevokedCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"thumbprint": "string"
}
}
],
"vpnClientRootCertificates": [
{
"id": "string",
"name": "string",
"properties": {
"publicCertData": "string"
}
}
]
},
"vpnGatewayGeneration": "string",
"vpnType": "string"
},
"tags": {
"{customized property}": "string"
}
}
},
"tags": {
"{customized property}": "string"
}
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
LocalNetworkGateway
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the local network gateway. | LocalNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
LocalNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings |
fqdn | FQDN of local network gateway. | string |
gatewayIpAddress | IP address of local network gateway. | string |
localNetworkAddressSpace | Local network site address space. | AddressSpace |
Microsoft.Network/connections
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2021-05-01' |
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway connection. | VirtualNetworkGatewayConnectionPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Network/connections' |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
TrafficSelectorPolicy
Name | Description | Value |
---|---|---|
localAddressRanges | A collection of local address spaces in CIDR format. | string[] (required) |
remoteAddressRanges | A collection of remote address spaces in CIDR format. | string[] (required) |
VirtualNetworkGateway
Name | Description | Value |
---|---|---|
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
VirtualNetworkGatewayConnectionPropertiesFormat
Name | Description | Value |
---|---|---|
authorizationKey | The authorizationKey. | string |
connectionMode | The connection mode for this connection. | 'Default' 'InitiatorOnly' 'ResponderOnly' |
connectionProtocol | Connection protocol used for this connection. | 'IKEv1' 'IKEv2' |
connectionType | Gateway connection type. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) |
dpdTimeoutSeconds | The dead peer detection timeout of this connection in seconds. | int |
egressNatRules | List of egress NatRules. | SubResource[] |
enableBgp | EnableBgp flag. | bool |
expressRouteGatewayBypass | Bypass ExpressRoute Gateway for data forwarding. | bool |
ingressNatRules | List of ingress NatRules. | SubResource[] |
ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] |
localNetworkGateway2 | The reference to local network gateway resource. | LocalNetworkGateway |
peer | The reference to peerings resource. | SubResource |
routingWeight | The routing weight. | int |
sharedKey | The IPSec shared key. | string |
trafficSelectorPolicies | The Traffic Selector Policies to be considered by this connection. | TrafficSelectorPolicy[] |
useLocalAzureIpAddress | Use private local Azure IP for the connection. | bool |
usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool |
virtualNetworkGateway1 | The reference to virtual network gateway resource. | VirtualNetworkGateway (required) |
virtualNetworkGateway2 | The reference to virtual network gateway resource. | VirtualNetworkGateway |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
BOSH CF Cross Region |
This template helps you setup the resources needed to deploy BOSH and Cloud Foundry across two regions on Azure. |
Connect an ExpressRoute circuit to a VNET |
This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured. |
Create a BGP VNET to VNET connection |
This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
Create a Site-to-Site VPN Connection |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
Create a Site-to-Site VPN Connection with VM |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
Create a VNET to VNET connection across two regions |
This template allows you to connect two VNETs in different regions using Virtual Network Gateways |
Create three vNets to demonstrate transitive BGP connections |
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections |
Deploy HBase geo replication |
This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection. |
Extend an existing Azure VNET to a Multi-VNET Configuration |
This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways |
Site-to-Site VPN with active-active VPN Gateways with BGP |
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
VPN Custom IPSec Policy |
This custom IPSec Policy allows more granular configuration of the IKE Parameters. This allows you to deploy a site-to-site VPN Policy to support specific settings on your VPN Endpoit Device. |
Terraform (AzAPI provider) resource definition
The connections resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/connections@2021-05-01"
name = "string"
location = "string"
body = jsonencode({
properties = {
authorizationKey = "string"
connectionMode = "string"
connectionProtocol = "string"
connectionType = "string"
dpdTimeoutSeconds = int
egressNatRules = [
{
id = "string"
}
]
enableBgp = bool
expressRouteGatewayBypass = bool
ingressNatRules = [
{
id = "string"
}
]
ipsecPolicies = [
{
dhGroup = "string"
ikeEncryption = "string"
ikeIntegrity = "string"
ipsecEncryption = "string"
ipsecIntegrity = "string"
pfsGroup = "string"
saDataSizeKilobytes = int
saLifeTimeSeconds = int
}
]
localNetworkGateway2 = {
id = "string"
location = "string"
properties = {
bgpSettings = {
asn = int
bgpPeeringAddress = "string"
bgpPeeringAddresses = [
{
customBgpIpAddresses = [
"string"
]
ipconfigurationId = "string"
}
]
peerWeight = int
}
fqdn = "string"
gatewayIpAddress = "string"
localNetworkAddressSpace = {
addressPrefixes = [
"string"
]
}
}
tags = {
{customized property} = "string"
}
}
peer = {
id = "string"
}
routingWeight = int
sharedKey = "string"
trafficSelectorPolicies = [
{
localAddressRanges = [
"string"
]
remoteAddressRanges = [
"string"
]
}
]
useLocalAzureIpAddress = bool
usePolicyBasedTrafficSelectors = bool
virtualNetworkGateway1 = {
extendedLocation = {
name = "string"
type = "string"
}
id = "string"
location = "string"
properties = {
activeActive = bool
bgpSettings = {
asn = int
bgpPeeringAddress = "string"
bgpPeeringAddresses = [
{
customBgpIpAddresses = [
"string"
]
ipconfigurationId = "string"
}
]
peerWeight = int
}
customRoutes = {
addressPrefixes = [
"string"
]
}
disableIPSecReplayProtection = bool
enableBgp = bool
enableBgpRouteTranslationForNat = bool
enableDnsForwarding = bool
enablePrivateIpAddress = bool
gatewayDefaultSite = {
id = "string"
}
gatewayType = "string"
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
}
subnet = {
id = "string"
}
}
}
]
natRules = [
{
id = "string"
name = "string"
properties = {
externalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
internalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
ipConfigurationId = "string"
mode = "string"
type = "string"
}
}
]
sku = {
name = "string"
tier = "string"
}
vNetExtendedLocationResourceId = "string"
vpnClientConfiguration = {
aadAudience = "string"
aadIssuer = "string"
aadTenant = "string"
radiusServerAddress = "string"
radiusServers = [
{
radiusServerAddress = "string"
radiusServerScore = int
radiusServerSecret = "string"
}
]
radiusServerSecret = "string"
vpnAuthenticationTypes = [
"string"
]
vpnClientAddressPool = {
addressPrefixes = [
"string"
]
}
vpnClientIpsecPolicies = [
{
dhGroup = "string"
ikeEncryption = "string"
ikeIntegrity = "string"
ipsecEncryption = "string"
ipsecIntegrity = "string"
pfsGroup = "string"
saDataSizeKilobytes = int
saLifeTimeSeconds = int
}
]
vpnClientProtocols = [
"string"
]
vpnClientRevokedCertificates = [
{
id = "string"
name = "string"
properties = {
thumbprint = "string"
}
}
]
vpnClientRootCertificates = [
{
id = "string"
name = "string"
properties = {
publicCertData = "string"
}
}
]
}
vpnGatewayGeneration = "string"
vpnType = "string"
}
tags = {
{customized property} = "string"
}
}
virtualNetworkGateway2 = {
extendedLocation = {
name = "string"
type = "string"
}
id = "string"
location = "string"
properties = {
activeActive = bool
bgpSettings = {
asn = int
bgpPeeringAddress = "string"
bgpPeeringAddresses = [
{
customBgpIpAddresses = [
"string"
]
ipconfigurationId = "string"
}
]
peerWeight = int
}
customRoutes = {
addressPrefixes = [
"string"
]
}
disableIPSecReplayProtection = bool
enableBgp = bool
enableBgpRouteTranslationForNat = bool
enableDnsForwarding = bool
enablePrivateIpAddress = bool
gatewayDefaultSite = {
id = "string"
}
gatewayType = "string"
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
privateIPAllocationMethod = "string"
publicIPAddress = {
id = "string"
}
subnet = {
id = "string"
}
}
}
]
natRules = [
{
id = "string"
name = "string"
properties = {
externalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
internalMappings = [
{
addressSpace = "string"
portRange = "string"
}
]
ipConfigurationId = "string"
mode = "string"
type = "string"
}
}
]
sku = {
name = "string"
tier = "string"
}
vNetExtendedLocationResourceId = "string"
vpnClientConfiguration = {
aadAudience = "string"
aadIssuer = "string"
aadTenant = "string"
radiusServerAddress = "string"
radiusServers = [
{
radiusServerAddress = "string"
radiusServerScore = int
radiusServerSecret = "string"
}
]
radiusServerSecret = "string"
vpnAuthenticationTypes = [
"string"
]
vpnClientAddressPool = {
addressPrefixes = [
"string"
]
}
vpnClientIpsecPolicies = [
{
dhGroup = "string"
ikeEncryption = "string"
ikeIntegrity = "string"
ipsecEncryption = "string"
ipsecIntegrity = "string"
pfsGroup = "string"
saDataSizeKilobytes = int
saLifeTimeSeconds = int
}
]
vpnClientProtocols = [
"string"
]
vpnClientRevokedCertificates = [
{
id = "string"
name = "string"
properties = {
thumbprint = "string"
}
}
]
vpnClientRootCertificates = [
{
id = "string"
name = "string"
properties = {
publicCertData = "string"
}
}
]
}
vpnGatewayGeneration = "string"
vpnType = "string"
}
tags = {
{customized property} = "string"
}
}
}
})
tags = {
{customized property} = "string"
}
}
Property values
AddressSpace
Name | Description | Value |
---|---|---|
addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] |
BgpSettings
Name | Description | Value |
---|---|---|
asn | The BGP speaker's ASN. | int Constraints: Min value = 0 Max value = 4294967295 |
bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string |
bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] |
peerWeight | The weight added to routes learned from this BGP speaker. | int |
ExtendedLocation
Name | Description | Value |
---|---|---|
name | The name of the extended location. | string |
type | The type of the extended location. | 'EdgeZone' |
IPConfigurationBgpPeeringAddress
Name | Description | Value |
---|---|---|
customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] |
ipconfigurationId | The ID of IP configuration which belongs to gateway. | string |
IpsecPolicy
Name | Description | Value |
---|---|---|
dhGroup | The DH Group used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) |
ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES256' (required) |
ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'GCMAES128' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) |
ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) |
ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) |
pfsGroup | The Pfs Group used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS14' 'PFS2' 'PFS2048' 'PFS24' 'PFSMM' (required) |
saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) |
saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) |
LocalNetworkGateway
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the local network gateway. | LocalNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
LocalNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings |
fqdn | FQDN of local network gateway. | string |
gatewayIpAddress | IP address of local network gateway. | string |
localNetworkAddressSpace | Local network site address space. | AddressSpace |
Microsoft.Network/connections
Name | Description | Value |
---|---|---|
location | Resource location. | string |
name | The resource name | string (required) |
properties | Properties of the virtual network gateway connection. | VirtualNetworkGatewayConnectionPropertiesFormat (required) |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Network/connections@2021-05-01" |
RadiusServer
Name | Description | Value |
---|---|---|
radiusServerAddress | The address of this radius server. | string (required) |
radiusServerScore | The initial score assigned to this radius server. | int |
radiusServerSecret | The secret used for this radius server. | string |
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SubResource
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
TrafficSelectorPolicy
Name | Description | Value |
---|---|---|
localAddressRanges | A collection of local address spaces in CIDR format. | string[] (required) |
remoteAddressRanges | A collection of remote address spaces in CIDR format. | string[] (required) |
VirtualNetworkGateway
Name | Description | Value |
---|---|---|
extendedLocation | The extended location of type local virtual network gateway. | ExtendedLocation |
id | Resource ID. | string |
location | Resource location. | string |
properties | Properties of the virtual network gateway. | VirtualNetworkGatewayPropertiesFormat (required) |
tags | Resource tags. | ResourceTags |
VirtualNetworkGatewayConnectionPropertiesFormat
Name | Description | Value |
---|---|---|
authorizationKey | The authorizationKey. | string |
connectionMode | The connection mode for this connection. | 'Default' 'InitiatorOnly' 'ResponderOnly' |
connectionProtocol | Connection protocol used for this connection. | 'IKEv1' 'IKEv2' |
connectionType | Gateway connection type. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) |
dpdTimeoutSeconds | The dead peer detection timeout of this connection in seconds. | int |
egressNatRules | List of egress NatRules. | SubResource[] |
enableBgp | EnableBgp flag. | bool |
expressRouteGatewayBypass | Bypass ExpressRoute Gateway for data forwarding. | bool |
ingressNatRules | List of ingress NatRules. | SubResource[] |
ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] |
localNetworkGateway2 | The reference to local network gateway resource. | LocalNetworkGateway |
peer | The reference to peerings resource. | SubResource |
routingWeight | The routing weight. | int |
sharedKey | The IPSec shared key. | string |
trafficSelectorPolicies | The Traffic Selector Policies to be considered by this connection. | TrafficSelectorPolicy[] |
useLocalAzureIpAddress | Use private local Azure IP for the connection. | bool |
usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool |
virtualNetworkGateway1 | The reference to virtual network gateway resource. | VirtualNetworkGateway (required) |
virtualNetworkGateway2 | The reference to virtual network gateway resource. | VirtualNetworkGateway |
VirtualNetworkGatewayIPConfiguration
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the virtual network gateway ip configuration. | VirtualNetworkGatewayIPConfigurationPropertiesFormat |
VirtualNetworkGatewayIPConfigurationPropertiesFormat
Name | Description | Value |
---|---|---|
privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
publicIPAddress | The reference to the public IP resource. | SubResource |
subnet | The reference to the subnet resource. | SubResource |
VirtualNetworkGatewayNatRule
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the Virtual Network Gateway NAT rule. | VirtualNetworkGatewayNatRuleProperties |
VirtualNetworkGatewayNatRuleProperties
Name | Description | Value |
---|---|---|
externalMappings | The private IP address external mapping for NAT. | VpnNatRuleMapping[] |
internalMappings | The private IP address internal mapping for NAT. | VpnNatRuleMapping[] |
ipConfigurationId | The IP Configuration ID this NAT rule applies to. | string |
mode | The Source NAT direction of a VPN NAT. | 'EgressSnat' 'IngressSnat' |
type | The type of NAT rule for VPN NAT. | 'Dynamic' 'Static' |
VirtualNetworkGatewayPropertiesFormat
Name | Description | Value |
---|---|---|
activeActive | ActiveActive flag. | bool |
bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings |
customRoutes | The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. | AddressSpace |
disableIPSecReplayProtection | disableIPSecReplayProtection flag. | bool |
enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool |
enableBgpRouteTranslationForNat | EnableBgpRouteTranslationForNat flag. | bool |
enableDnsForwarding | Whether dns forwarding is enabled or not. | bool |
enablePrivateIpAddress | Whether private IP needs to be enabled on this gateway for connections or not. | bool |
gatewayDefaultSite | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource |
gatewayType | The type of this virtual network gateway. | 'ExpressRoute' 'LocalGateway' 'Vpn' |
ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] |
natRules | NatRules for virtual network gateway. | VirtualNetworkGatewayNatRule[] |
sku | The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku |
vNetExtendedLocationResourceId | Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet. | string |
vpnClientConfiguration | The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration |
vpnGatewayGeneration | The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. | 'Generation1' 'Generation2' 'None' |
vpnType | The type of this virtual network gateway. | 'PolicyBased' 'RouteBased' |
VirtualNetworkGatewaySku
Name | Description | Value |
---|---|---|
name | Gateway SKU name. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
tier | Gateway SKU tier. | 'Basic' 'ErGw1AZ' 'ErGw2AZ' 'ErGw3AZ' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw1AZ' 'VpnGw2' 'VpnGw2AZ' 'VpnGw3' 'VpnGw3AZ' 'VpnGw4' 'VpnGw4AZ' 'VpnGw5' 'VpnGw5AZ' |
VpnClientConfiguration
Name | Description | Value |
---|---|---|
aadAudience | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadIssuer | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
aadTenant | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. | string |
radiusServerAddress | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. | string |
radiusServers | The radiusServers property for multiple radius server configuration. | RadiusServer[] |
radiusServerSecret | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. | string |
vpnAuthenticationTypes | VPN authentication types for the virtual network gateway.. | String array containing any of: 'AAD' 'Certificate' 'Radius' |
vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace |
vpnClientIpsecPolicies | VpnClientIpsecPolicies for virtual network gateway P2S client. | IpsecPolicy[] |
vpnClientProtocols | VpnClientProtocols for Virtual network gateway. | String array containing any of: 'IkeV2' 'OpenVPN' 'SSTP' |
vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] |
vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] |
VpnClientRevokedCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client revoked certificate. | VpnClientRevokedCertificatePropertiesFormat |
VpnClientRevokedCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
thumbprint | The revoked VPN client certificate thumbprint. | string |
VpnClientRootCertificate
Name | Description | Value |
---|---|---|
id | Resource ID. | string |
name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string |
properties | Properties of the vpn client root certificate. | VpnClientRootCertificatePropertiesFormat (required) |
VpnClientRootCertificatePropertiesFormat
Name | Description | Value |
---|---|---|
publicCertData | The certificate public data. | string (required) |
VpnNatRuleMapping
Name | Description | Value |
---|---|---|
addressSpace | Address space for Vpn NatRule mapping. | string |
portRange | Port range for Vpn NatRule mapping. | string |