az network vpn-gateway connection vpn-site-link-conn ipsec-policy
Note
This reference is part of the virtual-wan extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az network vpn-gateway connection vpn-site-link-conn ipsec-policy command. Learn more about extensions.
Manage site-to-site VPN gateway connection VPN site link IPSec policies.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy add |
Add an IPSec policy to a site-to-site VPN gateway connection VPN site link. |
Extension | GA |
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy list |
List site-to-site VPN gateway connection VPN site link IPSec policies. |
Extension | GA |
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove |
Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link. |
Extension | GA |
az network vpn-gateway connection vpn-site-link-conn ipsec-policy add
Add an IPSec policy to a site-to-site VPN gateway connection VPN site link.
az network vpn-gateway connection vpn-site-link-conn ipsec-policy add --dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
--ike-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256}
--ike-integrity {GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384}
--ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
--ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
--pfs-group {ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM}
--sa-data-size
--sa-lifetime
[--connection-name]
[--gateway-name]
[--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]Examples
Add an IPSec policy to a site-to-site VPN gateway connection VPN site link
az network vpn-gateway connection vpn-site-link-conn ipsec-policy add -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn --ipsec-encryption AES256 --ipsec-integrity SHA256 --sa-lifetime 86471 --sa-data-size 429496 --ike-encryption AES256 --ike-integrity SHA384 --dh-group DHGroup14 --pfs-group PFS14Required Parameters
DH Groups used in IKE Phase 1 for initial SA.
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None |
IKE encryption algorithm (IKE phase 2).
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256 |
IKE integrity algorithm (IKE phase 2).
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384 |
IPSec encryption algorithm (IKE phase 1).
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None |
IPSec integrity algorithm (IKE phase 1).
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256 |
The Pfs Groups used in IKE Phase 2 for new child SA.
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
| Accepted values: | ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM |
IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site-to-site VPN tunnel.
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site-to-site VPN tunnel.
| Property | Value |
|---|---|
| Parameter group: | IP Security Arguments |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of the VPN gateway connection.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the VPN gateway.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the VPN site link connection.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vpn-gateway connection vpn-site-link-conn ipsec-policy list
List site-to-site VPN gateway connection VPN site link IPSec policies.
az network vpn-gateway connection vpn-site-link-conn ipsec-policy list --connection-name
--gateway-name
--name
--resource-groupExamples
List IPSec policies on a site-to-site VPN gateway connection VPN site link
az network vpn-gateway connection vpn-site-link-conn ipsec-policy list -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConnRequired Parameters
Name of the VPN gateway connection.
Name of the VPN gateway.
Name of the VPN site link connection.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove
Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link.
az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove --index
[--connection-name]
[--gateway-name]
[--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]Examples
Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link
az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn --index 1Required Parameters
List index of the item (starting with 1).
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of the VPN gateway connection.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the VPN gateway.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the VPN site link connection.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
