az network vpn-connection
Manage VPN connections.
For more information on site-to-site connections, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli. For more information on Vnet-to-Vnet connections, visit https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli.
| Name | Description | Type | Status |
|---|---|---|---|
| az network vpn-connection create |
Create a VPN connection. |
Core | GA |
| az network vpn-connection delete |
Delete a VPN connection. |
Core | GA |
| az network vpn-connection list |
List all VPN connections. |
Core | GA |
| az network vpn-connection shared-key |
Manage VPN shared keys. |
Core | GA |
| az network vpn-connection shared-key reset |
Reset a VPN connection shared key. |
Core | GA |
| az network vpn-connection shared-key show |
Retrieve a VPN connection shared key. |
Core | GA |
| az network vpn-connection shared-key update |
Update a VPN connection shared key. |
Core | GA |
| az network vpn-connection show |
Get the details of a VPN connection. |
Core | GA |
| az network vpn-connection update |
Update a VPN connection. |
Core | GA |
| az network vpn-connection wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
Create a VPN connection.
The VPN Gateway and Local Network Gateway must be provisioned before creating the connection between them.
az network vpn-connection create --name
--resource-group
--vnet-gateway1
[--authorization-key]
[--enable-bgp]
[--express-route-circuit2]
[--local-gateway2]
[--location]
[--routing-weight]
[--shared-key]
[--tags]
[--validate]
[--vnet-gateway2]Create a site-to-site connection between an Azure virtual network and an on-premises local network gateway.
az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123Create a VPN connection with --ingress-nat-rule.
az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123 --ingress-nat-rule /subscriptions/000/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/gwx/natRules/natCreate a VPN connection. (autogenerated)
az network vpn-connection create --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway --vnet-gateway2 /subscriptions/{subscriptionID}/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/VNet1GWCreate a VPN connection. (autogenerated)
az network vpn-connection create --local-gateway2 MyLocalGateway --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGatewayConnection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of the source virtual network gateway.
The authorization key for the VPN connection.
Enable BGP for this VPN connection.
Name or ID of the destination ExpressRoute to connect to using an 'ExpressRoute' connection.
Name or ID of the destination local network gateway to connect to using an 'IPSec' connection.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Connection routing weight.
Shared IPSec key.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Display and validate the ARM template but do not create any resources.
Name or ID of the destination virtual network gateway to connect to using a 'Vnet2Vnet' connection.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Delete a VPN connection.
az network vpn-connection delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Delete a VPN connection.
az network vpn-connection delete -g MyResourceGroup -n MyConnectionOne or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
List all VPN connections.
az network vpn-connection list --resource-groupList all VPN connections in a resource group.
az network vpn-connection list -g MyResourceGroupName of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Get the details of a VPN connection.
az network vpn-connection show [--ids]
[--name]
[--resource-group]
[--subscription]View the details of a VPN connection.
az network vpn-connection show -g MyResourceGroup -n MyConnectionOne or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Update a VPN connection.
az network vpn-connection update [--add]
[--enable-bgp {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--routing-weight]
[--set]
[--shared-key]
[--subscription]
[--tags]Add BGP to an existing connection.
az network vpn-connection update -g MyResourceGroup -n MyConnection --enable-bgp TrueAdd an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Enable BGP (Border Gateway Protocol).
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Connection name.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Connection routing weight.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Shared IPSec key.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Place the CLI in a waiting state until a condition is met.
az network vpn-connection wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Connection name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Azure CLI feedback
Azure CLI is an open source project. Select a link to provide feedback: