az network vpn-connection

Manage VPN connections.

For more information on site-to-site connections, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli. For more information on Vnet-to-Vnet connections, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli.

Commands

Name	Description	Type	Status
az network vpn-connection create	Create a VPN connection.	Core	GA
az network vpn-connection delete	Delete a VPN connection.	Core	GA
az network vpn-connection ipsec-policy	Manage VPN connection IPSec policies.	Core	GA
az network vpn-connection ipsec-policy add	Add a VPN connection IPSec policy.	Core	GA
az network vpn-connection ipsec-policy clear	Delete all IPsec policies on a VPN connection.	Core	GA
az network vpn-connection ipsec-policy list	List IPSec policies associated with a VPN connection.	Core	GA
az network vpn-connection ipsec-policy wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az network vpn-connection list	List all VPN connections.	Core	GA
az network vpn-connection list-ike-sas	List IKE Security Associations for a VPN connection.	Core	Preview
az network vpn-connection packet-capture	Manage packet capture on a VPN connection.	Core	GA
az network vpn-connection packet-capture start	Start packet capture on a VPN connection.	Core	GA
az network vpn-connection packet-capture stop	Stop packet capture on a VPN connection.	Core	Preview
az network vpn-connection packet-capture wait	Place the CLI in a waiting state until a condition is met.	Core	GA
az network vpn-connection shared-key	Manage VPN shared keys.	Core	GA
az network vpn-connection shared-key reset	Reset a VPN connection shared key.	Core	GA
az network vpn-connection shared-key show	Retrieve a VPN connection shared key.	Core	GA
az network vpn-connection shared-key update	Update a VPN connection shared key.	Core	GA
az network vpn-connection show	Get the details of a VPN connection.	Core	GA
az network vpn-connection show-device-config-script	Get a XML format representation for VPN connection device configuration script.	Core	Preview
az network vpn-connection update	Update a VPN connection.	Core	GA
az network vpn-connection wait	Place the CLI in a waiting state until a condition is met.	Core	GA

az network vpn-connection create

Create a VPN connection.

The VPN Gateway and Local Network Gateway must be provisioned before creating the connection between them.

az network vpn-connection create --name
                                 --resource-group
                                 --vnet-gateway1
                                 [--authorization-key]
                                 [--egress-nat-rule]
                                 [--enable-bgp]
                                 [--express-route-circuit2]
                                 [--express-route-gateway-bypass {false, true}]
                                 [--ingress-nat-rule]
                                 [--local-gateway2]
                                 [--location]
                                 [--routing-weight]
                                 [--shared-key]
                                 [--tags]
                                 [--use-policy-based-traffic-selectors {false, true}]
                                 [--validate]
                                 [--vnet-gateway2]

Examples

Create a site-to-site connection between an Azure virtual network and an on-premises local network gateway.

az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123

Create a VPN connection with --ingress-nat-rule.

az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123 --ingress-nat-rule /subscriptions/000/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/gwx/natRules/nat

Create a VPN connection. (autogenerated)

az network vpn-connection create --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway --vnet-gateway2 /subscriptions/{subscriptionID}/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/VNet1GW

Create a VPN connection. (autogenerated)

az network vpn-connection create --local-gateway2 MyLocalGateway --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway

Required Parameters

--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-gateway1

Name or ID of the source virtual network gateway.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--authorization-key

The authorization key for the VPN connection.

--egress-nat-rule

Preview

List of egress NatRules.

--enable-bgp

Enable BGP for this VPN connection.

Property	Value
Default value:	False

--express-route-circuit2

Name or ID of the destination ExpressRoute to connect to using an 'ExpressRoute' connection.

Property	Value
Parameter group:	Destination Arguments

--express-route-gateway-bypass

Bypass ExpressRoute gateway for data forwarding.

Property	Value
Accepted values:	false, true

--ingress-nat-rule

Preview

List of ingress NatRules.

--local-gateway2

Name or ID of the destination local network gateway to connect to using an 'IPSec' connection.

Property	Value
Parameter group:	Destination Arguments

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--routing-weight

Connection routing weight.

Property	Value
Default value:	10

--shared-key

Shared IPSec key.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--use-policy-based-traffic-selectors

Enable policy-based traffic selectors.

Property	Value
Default value:	False
Accepted values:	false, true

--validate

Display and validate the ARM template but do not create any resources.

Property	Value
Default value:	False

--vnet-gateway2

Name or ID of the destination virtual network gateway to connect to using a 'Vnet2Vnet' connection.

Property	Value
Parameter group:	Destination Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection delete

Delete a VPN connection.

az network vpn-connection delete [--ids]
                                 [--name]
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--resource-group]
                                 [--subscription]

Examples

Delete a VPN connection.

az network vpn-connection delete -g MyResourceGroup -n MyConnection

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection list

List all VPN connections.

az network vpn-connection list --resource-group
                               [--vnet-gateway]

Examples

List all VPN connections in a resource group.

az network vpn-connection list -g MyResourceGroup

List all VPN connections in a virtual network gateway.

az network vpn-connection list -g MyResourceGroup --vnet-gateway MyVnetGateway

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--vnet-gateway

Name of the VNet gateway.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection list-ike-sas

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List IKE Security Associations for a VPN connection.

az network vpn-connection list-ike-sas [--ids]
                                       [--name]
                                       [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                       [--resource-group]
                                       [--subscription]

Examples

List IKE Security Associations for a VPN connection.

az network vpn-connection list-ike-sas -g MyResourceGroup -n MyConnection

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection show

Get the details of a VPN connection.

az network vpn-connection show [--ids]
                               [--name]
                               [--resource-group]
                               [--subscription]

Examples

View the details of a VPN connection.

az network vpn-connection show -g MyResourceGroup -n MyConnection

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection show-device-config-script

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a XML format representation for VPN connection device configuration script.

az network vpn-connection show-device-config-script --device-family
                                                    --firmware-version
                                                    --vendor
                                                    [--ids]
                                                    [--name]
                                                    [--resource-group]
                                                    [--subscription]

Examples

Get a XML format representation for VPN connection device configuration script.

az network vpn-connection show-device-config-script -g MyResourceGroup -n MyConnection --vendor "Cisco" --device-family "Cisco-ISR(IOS)" --firmware-version "Cisco-ISR-15.x-- IKEv2+BGP"

Required Parameters

--device-family

The device family for the vpn device.

--firmware-version

The firmware version for the vpn device.

--vendor

The vendor for the vpn device.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection update

Update a VPN connection.

az network vpn-connection update [--add]
                                 [--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--express-route-gateway-bypass {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--ids]
                                 [--name]
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--remove]
                                 [--resource-group]
                                 [--routing-weight]
                                 [--set]
                                 [--shared-key]
                                 [--subscription]
                                 [--tags]
                                 [--use-policy-based-traffic-selectors {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Add BGP to an existing connection.

az network vpn-connection update -g MyResourceGroup -n MyConnection --enable-bgp True

Update a VPN connection.

az network vpn-connection update --name MyConnection --resource-group MyResourceGroup --use-policy-based-traffic-selectors true

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property	Value
Parameter group:	Generic Update Arguments

--enable-bgp

Enable BGP (Border Gateway Protocol).

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--express-route-gateway-bypass

Bypass ExpressRoute gateway for data forwarding.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property	Value
Parameter group:	Generic Update Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property	Value
Parameter group:	Generic Update Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--routing-weight

Connection routing weight.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property	Value
Parameter group:	Generic Update Arguments

--shared-key

Shared IPSec key.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--use-policy-based-traffic-selectors

Enable policy-based traffic selectors.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network vpn-connection wait

Place the CLI in a waiting state until a condition is met.

az network vpn-connection wait [--created]
                               [--custom]
                               [--deleted]
                               [--exists]
                               [--ids]
                               [--interval]
                               [--name]
                               [--resource-group]
                               [--subscription]
                               [--timeout]
                               [--updated]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

Property	Value
Parameter group:	Wait Condition Arguments

--deleted

Wait until deleted.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--exists

Wait until the resource exists.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--interval

Polling interval in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	30

--name -n

Connection name.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--timeout

Maximum wait in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False