New-AzureRmVirtualNetworkGateway
Creates a Virtual Network Gateway
Warning
The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are
advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and
updates.
Although the AzureRM module may still function, it's no longer maintained or supported, placing
any continued use at the user's discretion and risk. Please refer to our
migration resources for guidance on transitioning to the Az module.
Syntax
New-AzureRmVirtualNetworkGateway
-Name <String>
-ResourceGroupName <String>
-Location <String>
[-IpConfigurations <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVirtualNetworkGatewayIpConfiguration]>]
[-GatewayType <String>]
[-VpnType <String>]
[-EnableBgp <Boolean>]
[-EnableActiveActiveFeature]
[-GatewaySku <String>]
[-GatewayDefaultSite <PSLocalNetworkGateway>]
[-VpnClientAddressPool <System.Collections.Generic.List`1[System.String]>]
[-VpnClientProtocol <System.Collections.Generic.List`1[System.String]>]
[-VpnClientRootCertificates <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVpnClientRootCertificate]>]
[-VpnClientRevokedCertificates <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVpnClientRevokedCertificate]>]
[-VpnClientIpsecPolicy <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSIpsecPolicy]>]
[-Asn <UInt32>]
[-PeerWeight <Int32>]
[-Tag <Hashtable>]
[-Force]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzureRmVirtualNetworkGateway
-Name <String>
-ResourceGroupName <String>
-Location <String>
[-IpConfigurations <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVirtualNetworkGatewayIpConfiguration]>]
[-GatewayType <String>]
[-VpnType <String>]
[-EnableBgp <Boolean>]
[-EnableActiveActiveFeature]
[-GatewaySku <String>]
[-GatewayDefaultSite <PSLocalNetworkGateway>]
[-VpnClientAddressPool <System.Collections.Generic.List`1[System.String]>]
[-VpnClientProtocol <System.Collections.Generic.List`1[System.String]>]
[-VpnClientRootCertificates <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVpnClientRootCertificate]>]
[-VpnClientRevokedCertificates <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSVpnClientRevokedCertificate]>]
[-VpnClientIpsecPolicy <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSIpsecPolicy]>]
[-Asn <UInt32>]
[-PeerWeight <Int32>]
[-Tag <Hashtable>]
[-Force]
-RadiusServerAddress <String>
-RadiusServerSecret <SecureString>
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Virtual Network Gateway is the object representing your gateway in Azure.
The New-AzureRmVirtualNetworkGateway cmdlet creates the gateway object in Azure from the Name,
Resource Group Name, Location, and IP configuration, together with the Gateway Type and, for a VPN
gateway, the VPN Type. You can also specify the Gateway SKU.
If this Gateway is being used for Point-to-Site connections, you will also need to include the VPN
Client Address Pool from which to assign addresses to connecting clients and the VPN Client Root
Certificate used to authenticate VPN clients connecting to the Gateway.
You can also choose to include other features like BGP and Active-Active.
Examples
1: Create a Virtual Network Gateway
New-AzureRmResourceGroup -Location "UK West" -Name "vnet-gateway"
$subnet = New-AzureRMVirtualNetworkSubnetConfig -Name 'gatewaysubnet' -AddressPrefix '10.254.0.0/27'
$ngwpip = New-AzureRMPublicIpAddress -Name ngwpip -ResourceGroupName "vnet-gateway" -Location "UK West" -AllocationMethod Dynamic
$vnet = New-AzureRmVirtualNetwork -AddressPrefix "10.254.0.0/27" -Location "UK West" -Name vnet-gateway -ResourceGroupName "vnet-gateway" -Subnet $subnet
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -name 'gatewaysubnet' -VirtualNetwork $vnet
$ngwipconfig = New-AzureRMVirtualNetworkGatewayIpConfig -Name ngwipconfig -SubnetId $subnet.Id -PublicIpAddressId $ngwpip.Id
New-AzureRmVirtualNetworkGateway -Name myNGW -ResourceGroupName vnet-gateway -Location "UK West" -IpConfigurations $ngwIpConfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "Basic"
The above will create a resource group, request a Public IP Address, create a Virtual Network and
subnet and create a Virtual Network Gateway in Azure.
The gateway will be called "myNGW" within the resource group "vnet-gateway" in the location "UK
West" with the previously created IP configurations saved in the variable "ngwIPConfig," the
gateway type of "VPN," the vpn type "RouteBased," and the sku "Basic."
2: Create a Virtual Network Gateway with External Radius Configuration
New-AzureRmResourceGroup -Location "UK West" -Name "vnet-gateway"
$subnet = New-AzureRMVirtualNetworkSubnetConfig -Name 'gatewaysubnet' -AddressPrefix '10.254.0.0/27'
$ngwpip = New-AzureRMPublicIpAddress -Name ngwpip -ResourceGroupName "vnet-gateway" -Location "UK West" -AllocationMethod Dynamic
$vnet = New-AzureRmVirtualNetwork -AddressPrefix "10.254.0.0/27" -Location "UK West" -Name vnet-gateway -ResourceGroupName "vnet-gateway" -Subnet $subnet
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -name 'gatewaysubnet' -VirtualNetwork $vnet
$ngwipconfig = New-AzureRMVirtualNetworkGatewayIpConfig -Name ngwipconfig -SubnetId $subnet.Id -PublicIpAddressId $ngwpip.Id
$Secure_String_Pwd = ConvertTo-SecureString "TestRadiusServerPassword" -AsPlainText -Force
New-AzureRmVirtualNetworkGateway -Name myNGW -ResourceGroupName vnet-gateway -Location "UK West" -IpConfigurations $ngwIpConfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "Basic" -RadiusServerAddress "TestRadiusServer" -RadiusServerSecret $Secure_String_Pwd
The above will create a resource group, request a Public IP Address, create a Virtual Network and
subnet and create a Virtual Network Gateway in Azure.
The gateway will be called "myNGW" within the resource group "vnet-gateway" in the location "UK West" with the previously created IP configurations saved in the variable "ngwIPConfig," the gateway type of "VPN," the vpn type "RouteBased," and the sku "Basic." It also adds an external RADIUS server with the address "TestRadiusServer".
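Example 2 builds the RADIUS secret from a string literal, which leaves the shared secret in the script file, shell history and source control. The following added example (not from the original page) obtains the SecureString from Key Vault or an interactive prompt instead. Get-RadiusSharedSecret is a hypothetical helper, the vault and secret names are placeholders, and the 16-character minimum is an assumed local policy.

```powershell
# Added example: supply -RadiusServerSecret without a plaintext literal in the script.
function Get-RadiusSharedSecret {
    [CmdletBinding()]
    [OutputType([securestring])]
    param(
        [string] $VaultName,    # placeholder: Key Vault that holds the secret
        [string] $SecretName    # placeholder: name of the secret in that vault
    )
    if ($VaultName -and $SecretName) {
        # Get-AzureKeyVaultSecret (AzureRM.KeyVault) exposes the value as a SecureString.
        $secret = Get-AzureKeyVaultSecret -VaultName $VaultName -Name $SecretName -ErrorAction Stop
        if (-not $secret) { throw "Secret '$SecretName' was not found in vault '$VaultName'." }
        return $secret.SecretValue
    }
    # Interactive fallback: the typed value is not echoed and never lands in the script.
    return Read-Host -Prompt 'RADIUS shared secret' -AsSecureString
}

$radiusSecret = Get-RadiusSharedSecret -VaultName '<vault-name>' -SecretName '<radius-secret-name>'

# Assumed local policy: reject short shared secrets before they reach the gateway.
if ($radiusSecret.Length -lt 16) {
    throw 'RADIUS shared secret is shorter than 16 characters.'
}

# $ngwIpConfig is the IP configuration built in Example 2.
New-AzureRmVirtualNetworkGateway -Name myNGW -ResourceGroupName vnet-gateway -Location "UK West" `
    -IpConfigurations $ngwIpConfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "Basic" `
    -RadiusServerAddress "TestRadiusServer" -RadiusServerSecret $radiusSecret
```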
3: Create a Virtual Network Gateway with P2S settings
New-AzureRmResourceGroup -Location "UK West" -Name "vnet-gateway"
$subnet = New-AzureRMVirtualNetworkSubnetConfig -Name 'gatewaysubnet' -AddressPrefix '10.254.0.0/27'
$ngwpip = New-AzureRMPublicIpAddress -Name ngwpip -ResourceGroupName "vnet-gateway" -Location "UK West" -AllocationMethod Dynamic
$vnet = New-AzureRmVirtualNetwork -AddressPrefix "10.254.0.0/27" -Location "UK West" -Name vnet-gateway -ResourceGroupName "vnet-gateway" -Subnet $subnet
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -name 'gatewaysubnet' -VirtualNetwork $vnet
$ngwipconfig = New-AzureRMVirtualNetworkGatewayIpConfig -Name ngwipconfig -SubnetId $subnet.Id -PublicIpAddressId $ngwpip.Id
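# $clientRootCertName and $samplePublicCertData are assumed to be set already:
# the root certificate's name and its Base64-encoded public certificate data.
$rootCert = New-AzureRmVpnClientRootCertificate -Name $clientRootCertName -PublicCertData $samplePublicCertData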
$vpnclientipsecpolicy = New-AzureRmVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTimeSeconds 86471 -SADataSizeKilobytes 429496 -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup2 -PfsGroup PFS2
New-AzureRmVirtualNetworkGateway -Name myNGW -ResourceGroupName vnet-gateway -Location "UK West" -IpConfigurations $ngwIpConfig -GatewayType "Vpn" -VpnType "RouteBased" -GatewaySku "VpnGw1" -VpnClientProtocol IkeV2 -VpnClientAddressPool 201.169.0.0/16 -VpnClientRootCertificates $rootCert -VpnClientIpsecPolicy $vpnclientipsecpolicy
The above will create a resource group, request a Public IP Address, create a Virtual Network and
subnet, and create a Virtual Network Gateway in Azure with P2S settings such as VpnClientProtocol, VpnClientAddressPool, VpnClientRootCertificates, and VpnClientIpsecPolicy.
The gateway will be called "myNGW" within the resource group "vnet-gateway" in the location "UK West" with the previously created IP configurations saved in the variable "ngwIPConfig," the gateway type of "VPN," the vpn type "RouteBased," and the sku "VpnGw1." The P2S settings applied to the gateway are: VpnClientProtocol set to IkeV2, VpnClientAddressPool set to "201.169.0.0/16", VpnClientRootCertificates set to the certificate named by $clientRootCertName, and the custom VPN IPsec policy passed in the object $vpnclientipsecpolicy.
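The policy in the example above pairs AES256 with DHGroup2 and PFS2, which are 1024-bit groups. The following added example (not from the original page) reviews a policy object offline before it is passed to -VpnClientIpsecPolicy. Test-VpnClientIpsecPolicy is a hypothetical helper, the weak-value list is an assumed baseline, and the sample objects are constructed to mirror the PSIpsecPolicy property names.

```powershell
# Added example: flag weak IKE/IPsec settings on an object shaped like PSIpsecPolicy.
function Test-VpnClientIpsecPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Policy
    )
    begin {
        # Assumed baseline: values treated as too weak for a new deployment.
        $weak = [ordered]@{
            DhGroup         = 'None', 'DHGroup1', 'DHGroup2'   # no DH, or MODP groups of 1024 bits or less
            PfsGroup        = 'None', 'PFS1', 'PFS2'           # no PFS, or the same small groups
            IkeEncryption   = 'DES', 'DES3'
            IpsecEncryption = 'None', 'DES', 'DES3'
            IkeIntegrity    = 'MD5', 'SHA1'
            IpsecIntegrity  = 'MD5', 'SHA1'
        }
    }
    process {
        foreach ($name in $weak.Keys) {
            $value = $Policy.$name
            if ($weak[$name] -contains $value) {   # -contains is case-insensitive
                [pscustomobject]@{ Setting = $name; Value = $value; Finding = 'weak algorithm or group' }
            }
        }
    }
}

# Constructed sample with the same values as the policy in the example above.
$pagePolicy = [pscustomobject]@{
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'
    IkeEncryption   = 'AES256'; IkeIntegrity   = 'SHA384'
    DhGroup         = 'DHGroup2'; PfsGroup     = 'PFS2'
    SALifeTimeSeconds = 86471; SADataSizeKilobytes = 429496
}
$pagePolicy | Test-VpnClientIpsecPolicy | Format-Table -AutoSize

# Constructed variant with elliptic-curve groups; assumption: confirm with Get-Help that
# your module version accepts ECP384 for -DhGroup and -PfsGroup.
$stronger = $pagePolicy.PSObject.Copy()
$stronger.DhGroup  = 'ECP384'
$stronger.PfsGroup = 'ECP384'
$findings = @($stronger | Test-VpnClientIpsecPolicy)
"Findings for the stronger variant: $($findings.Count)"
```

The same function accepts the object returned by New-AzureRmVpnClientIpsecPolicy, so the review can run in a deployment script before the gateway is created.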
Parameters
-AsJob
Run cmdlet in the background
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Asn
Type: UInt32
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: IAzureContextContainer
Aliases: AzureRmContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-EnableActiveActiveFeature
Enables the active-active feature.
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-EnableBgp
Type: Boolean
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-Force
Forces the command to run without asking for user confirmation.
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-GatewayDefaultSite
Type: PSLocalNetworkGateway
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-GatewaySku
Type: String
Accepted values: Basic, Standard, HighPerformance, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-GatewayType
Type: String
Accepted values: Vpn, ExpressRoute
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-IpConfigurations
-Location
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-Name
Type: String
Aliases: ResourceName
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-PeerWeight
Type: Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-RadiusServerAddress
P2S External Radius server address.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-RadiusServerSecret
P2S External Radius server secret.
Type: SecureString
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ResourceGroupName
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-Tag
Key-value pairs in the form of a hash table. For example:
@{key0="value0";key1=$null;key2="value2"}
Type: Hashtable
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-VpnClientAddressPool
Type: List<T> [ String ]
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-VpnClientIpsecPolicy
A list of IPSec policies for P2S VPN client tunneling protocols.
Type: List<T> [ PSIpsecPolicy ]
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-VpnClientProtocol
The list of P2S VPN client tunneling protocols.
Type: List<T> [ String ]
Accepted values: SSTP, IkeV2, OpenVPN
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-VpnClientRevokedCertificates
-VpnClientRootCertificates
-VpnType
Type: String
Accepted values: PolicyBased, RouteBased
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Inputs
String
List<T> [ [ Microsoft.Azure.Commands.Network.Models.PSVirtualNetworkGatewayIpConfiguration, Microsoft.Azure.Commands.Network, Version=6.4.1.0, Culture=neutral, PublicKeyToken=null ] ]
Boolean
PSLocalNetworkGateway
List<T> [ [ System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 ] ]
List<T> [ [ Microsoft.Azure.Commands.Network.Models.PSVpnClientRootCertificate, Microsoft.Azure.Commands.Network, Version=6.4.1.0, Culture=neutral, PublicKeyToken=null ] ]
List<T> [ [ Microsoft.Azure.Commands.Network.Models.PSVpnClientRevokedCertificate, Microsoft.Azure.Commands.Network, Version=6.4.1.0, Culture=neutral, PublicKeyToken=null ] ]
List<T> [ [ Microsoft.Azure.Commands.Network.Models.PSIpsecPolicy, Microsoft.Azure.Commands.Network, Version=6.4.1.0, Culture=neutral, PublicKeyToken=null ] ]
UInt32
Int32
Hashtable
SecureString
Outputs
PSVirtualNetworkGateway