Virtual Network Gateway Connections - Create Or Update

Service:

Network Gateway

API Version:

2023-09-01

Creates or updates a virtual network gateway connection in the specified resource group.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/connections/{virtualNetworkGatewayConnectionName}?api-version=2023-09-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group.
subscriptionId	path	True	string	The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
virtualNetworkGatewayConnectionName	path	True	string	The name of the virtual network gateway connection.
api-version	query	True	string	Client API version.

Request Body

Name	Required	Type	Description
properties.connectionType	True	VirtualNetworkGatewayConnectionType	Gateway connection type.
properties.virtualNetworkGateway1	True	VirtualNetworkGateway	The reference to virtual network gateway resource.
id		string	Resource ID.
location		string	Resource location.
properties.authorizationKey		string	The authorizationKey.
properties.connectionMode		VirtualNetworkGatewayConnectionMode	The connection mode for this connection.
properties.connectionProtocol		VirtualNetworkGatewayConnectionProtocol	Connection protocol used for this connection.
properties.dpdTimeoutSeconds		integer	The dead peer detection timeout of this connection in seconds.
properties.egressNatRules		SubResource[]	List of egress NatRules.
properties.enableBgp		boolean	EnableBgp flag.
properties.enablePrivateLinkFastPath		boolean	Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled.
properties.expressRouteGatewayBypass		boolean	Bypass ExpressRoute Gateway for data forwarding.
properties.gatewayCustomBgpIpAddresses		GatewayCustomBgpIpAddressIpConfiguration[]	GatewayCustomBgpIpAddresses to be used for virtual network gateway Connection.
properties.ingressNatRules		SubResource[]	List of ingress NatRules.
properties.ipsecPolicies		IpsecPolicy[]	The IPSec Policies to be considered by this connection.
properties.localNetworkGateway2		LocalNetworkGateway	The reference to local network gateway resource.
properties.peer		SubResource	The reference to peerings resource.
properties.routingWeight		integer	The routing weight.
properties.sharedKey		string	The IPSec shared key.
properties.trafficSelectorPolicies		TrafficSelectorPolicy[]	The Traffic Selector Policies to be considered by this connection.
properties.useLocalAzureIpAddress		boolean	Use private local Azure IP for the connection.
properties.usePolicyBasedTrafficSelectors		boolean	Enable policy-based traffic selectors.
properties.virtualNetworkGateway2		VirtualNetworkGateway	The reference to virtual network gateway resource.
tags		object	Resource tags.

Responses

Name	Type	Description
200 OK	VirtualNetworkGatewayConnection	Update successful. The operation returns the resulting VirtualNetworkGatewayConnection resource.
201 Created	VirtualNetworkGatewayConnection	Create successful. The operation returns the resulting VirtualNetworkGatewayConnection resource.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

CreateVirtualNetworkGatewayConnection_S2S

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/connections/connS2S?api-version=2023-09-01

{
  "properties": {
    "virtualNetworkGateway1": {
      "properties": {
        "ipConfigurations": [
          {
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet"
              },
              "publicIPAddress": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip"
              }
            },
            "name": "gwipconfig1",
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1"
          }
        ],
        "gatewayType": "Vpn",
        "vpnType": "RouteBased",
        "enableBgp": false,
        "activeActive": false,
        "sku": {
          "name": "VpnGw1",
          "tier": "VpnGw1"
        },
        "bgpSettings": {
          "asn": 65514,
          "bgpPeeringAddress": "10.0.1.30",
          "peerWeight": 0
        }
      },
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw",
      "location": "centralus",
      "tags": {}
    },
    "localNetworkGateway2": {
      "properties": {
        "localNetworkAddressSpace": {
          "addressPrefixes": [
            "10.1.0.0/16"
          ]
        },
        "gatewayIpAddress": "x.x.x.x"
      },
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw",
      "location": "centralus",
      "tags": {}
    },
    "ingressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"
      }
    ],
    "egressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"
      }
    ],
    "gatewayCustomBgpIpAddresses": [
      {
        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default",
        "customBgpIpAddress": "169.254.21.1"
      },
      {
        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive",
        "customBgpIpAddress": "169.254.21.3"
      }
    ],
    "connectionType": "IPsec",
    "connectionProtocol": "IKEv2",
    "routingWeight": 0,
    "dpdTimeoutSeconds": 30,
    "sharedKey": "Abc123",
    "enableBgp": false,
    "usePolicyBasedTrafficSelectors": false,
    "ipsecPolicies": [],
    "trafficSelectorPolicies": [],
    "connectionMode": "Default"
  },
  "location": "centralus"
}

Java

import com.azure.core.management.SubResource;
import com.azure.resourcemanager.network.fluent.models.LocalNetworkGatewayInner;
import com.azure.resourcemanager.network.fluent.models.VirtualNetworkGatewayConnectionInner;
import com.azure.resourcemanager.network.fluent.models.VirtualNetworkGatewayInner;
import com.azure.resourcemanager.network.fluent.models.VirtualNetworkGatewayIpConfigurationInner;
import com.azure.resourcemanager.network.models.AddressSpace;
import com.azure.resourcemanager.network.models.BgpSettings;
import com.azure.resourcemanager.network.models.GatewayCustomBgpIpAddressIpConfiguration;
import com.azure.resourcemanager.network.models.IpAllocationMethod;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewayConnectionMode;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewayConnectionProtocol;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewayConnectionType;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewaySku;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewaySkuName;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewaySkuTier;
import com.azure.resourcemanager.network.models.VirtualNetworkGatewayType;
import com.azure.resourcemanager.network.models.VpnType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * Samples for VirtualNetworkGatewayConnections CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * VirtualNetworkGatewayConnectionCreate.json
     */
    /**
     * Sample code: CreateVirtualNetworkGatewayConnection_S2S.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createVirtualNetworkGatewayConnectionS2S(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getVirtualNetworkGatewayConnections().createOrUpdate("rg1",
            "connS2S",
            new VirtualNetworkGatewayConnectionInner().withLocation("centralus").withVirtualNetworkGateway1(
                new VirtualNetworkGatewayInner().withLocation("centralus").withTags(mapOf()).withId(
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw")
                    .withIpConfigurations(Arrays.asList(new VirtualNetworkGatewayIpConfigurationInner().withId(
                        "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1")
                        .withName("gwipconfig1").withPrivateIpAllocationMethod(IpAllocationMethod.DYNAMIC)
                        .withSubnet(new SubResource().withId(
                            "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet"))
                        .withPublicIpAddress(new SubResource().withId(
                            "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip"))))
                    .withGatewayType(VirtualNetworkGatewayType.VPN).withVpnType(VpnType.ROUTE_BASED)
                    .withEnableBgp(false).withActive(false)
                    .withSku(new VirtualNetworkGatewaySku().withName(VirtualNetworkGatewaySkuName.VPN_GW1)
                        .withTier(VirtualNetworkGatewaySkuTier.VPN_GW1))
                    .withBgpSettings(
                        new BgpSettings().withAsn(65514L).withBgpPeeringAddress("10.0.1.30").withPeerWeight(0)))
                .withLocalNetworkGateway2(new LocalNetworkGatewayInner().withLocation("centralus").withTags(mapOf())
                    .withId(
                        "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw")
                    .withLocalNetworkAddressSpace(new AddressSpace().withAddressPrefixes(Arrays.asList("10.1.0.0/16")))
                    .withGatewayIpAddress("x.x.x.x"))
                .withIngressNatRules(Arrays.asList(new SubResource().withId(
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1")))
                .withEgressNatRules(Arrays.asList(new SubResource().withId(
                    "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2")))
                .withConnectionType(VirtualNetworkGatewayConnectionType.IPSEC)
                .withConnectionProtocol(VirtualNetworkGatewayConnectionProtocol.IKEV2).withRoutingWeight(0)
                .withDpdTimeoutSeconds(30).withConnectionMode(VirtualNetworkGatewayConnectionMode.DEFAULT)
                .withSharedKey("fakeTokenPlaceholder").withEnableBgp(false)
                .withGatewayCustomBgpIpAddresses(Arrays.asList(
                    new GatewayCustomBgpIpAddressIpConfiguration().withIpConfigurationId(
                        "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default")
                        .withCustomBgpIpAddress("169.254.21.1"),
                    new GatewayCustomBgpIpAddressIpConfiguration().withIpConfigurationId(
                        "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive")
                        .withCustomBgpIpAddress("169.254.21.3")))
                .withUsePolicyBasedTrafficSelectors(false).withIpsecPolicies(Arrays.asList())
                .withTrafficSelectorPolicies(Arrays.asList()),
            com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python virtual_network_gateway_connection_create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.virtual_network_gateway_connections.begin_create_or_update(
        resource_group_name="rg1",
        virtual_network_gateway_connection_name="connS2S",
        parameters={
            "location": "centralus",
            "properties": {
                "connectionMode": "Default",
                "connectionProtocol": "IKEv2",
                "connectionType": "IPsec",
                "dpdTimeoutSeconds": 30,
                "egressNatRules": [
                    {
                        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"
                    }
                ],
                "enableBgp": False,
                "gatewayCustomBgpIpAddresses": [
                    {
                        "customBgpIpAddress": "169.254.21.1",
                        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default",
                    },
                    {
                        "customBgpIpAddress": "169.254.21.3",
                        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive",
                    },
                ],
                "ingressNatRules": [
                    {
                        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"
                    }
                ],
                "ipsecPolicies": [],
                "localNetworkGateway2": {
                    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw",
                    "location": "centralus",
                    "properties": {
                        "gatewayIpAddress": "x.x.x.x",
                        "localNetworkAddressSpace": {"addressPrefixes": ["10.1.0.0/16"]},
                    },
                    "tags": {},
                },
                "routingWeight": 0,
                "sharedKey": "Abc123",
                "trafficSelectorPolicies": [],
                "usePolicyBasedTrafficSelectors": False,
                "virtualNetworkGateway1": {
                    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw",
                    "location": "centralus",
                    "properties": {
                        "activeActive": False,
                        "bgpSettings": {"asn": 65514, "bgpPeeringAddress": "10.0.1.30", "peerWeight": 0},
                        "enableBgp": False,
                        "gatewayType": "Vpn",
                        "ipConfigurations": [
                            {
                                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1",
                                "name": "gwipconfig1",
                                "properties": {
                                    "privateIPAllocationMethod": "Dynamic",
                                    "publicIPAddress": {
                                        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip"
                                    },
                                    "subnet": {
                                        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet"
                                    },
                                },
                            }
                        ],
                        "sku": {"name": "VpnGw1", "tier": "VpnGw1"},
                        "vpnType": "RouteBased",
                    },
                    "tags": {},
                },
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewayConnectionCreate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewayConnectionCreate.json
func ExampleVirtualNetworkGatewayConnectionsClient_BeginCreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewVirtualNetworkGatewayConnectionsClient().BeginCreateOrUpdate(ctx, "rg1", "connS2S", armnetwork.VirtualNetworkGatewayConnection{
		Location: to.Ptr("centralus"),
		Properties: &armnetwork.VirtualNetworkGatewayConnectionPropertiesFormat{
			ConnectionMode:     to.Ptr(armnetwork.VirtualNetworkGatewayConnectionModeDefault),
			ConnectionProtocol: to.Ptr(armnetwork.VirtualNetworkGatewayConnectionProtocolIKEv2),
			ConnectionType:     to.Ptr(armnetwork.VirtualNetworkGatewayConnectionTypeIPsec),
			DpdTimeoutSeconds:  to.Ptr[int32](30),
			EgressNatRules: []*armnetwork.SubResource{
				{
					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"),
				}},
			EnableBgp: to.Ptr(false),
			GatewayCustomBgpIPAddresses: []*armnetwork.GatewayCustomBgpIPAddressIPConfiguration{
				{
					CustomBgpIPAddress: to.Ptr("169.254.21.1"),
					IPConfigurationID:  to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default"),
				},
				{
					CustomBgpIPAddress: to.Ptr("169.254.21.3"),
					IPConfigurationID:  to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive"),
				}},
			IngressNatRules: []*armnetwork.SubResource{
				{
					ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"),
				}},
			IPSecPolicies: []*armnetwork.IPSecPolicy{},
			LocalNetworkGateway2: &armnetwork.LocalNetworkGateway{
				ID:       to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw"),
				Location: to.Ptr("centralus"),
				Tags:     map[string]*string{},
				Properties: &armnetwork.LocalNetworkGatewayPropertiesFormat{
					GatewayIPAddress: to.Ptr("x.x.x.x"),
					LocalNetworkAddressSpace: &armnetwork.AddressSpace{
						AddressPrefixes: []*string{
							to.Ptr("10.1.0.0/16")},
					},
				},
			},
			RoutingWeight:                  to.Ptr[int32](0),
			SharedKey:                      to.Ptr("Abc123"),
			TrafficSelectorPolicies:        []*armnetwork.TrafficSelectorPolicy{},
			UsePolicyBasedTrafficSelectors: to.Ptr(false),
			VirtualNetworkGateway1: &armnetwork.VirtualNetworkGateway{
				ID:       to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw"),
				Location: to.Ptr("centralus"),
				Tags:     map[string]*string{},
				Properties: &armnetwork.VirtualNetworkGatewayPropertiesFormat{
					Active: to.Ptr(false),
					BgpSettings: &armnetwork.BgpSettings{
						Asn:               to.Ptr[int64](65514),
						BgpPeeringAddress: to.Ptr("10.0.1.30"),
						PeerWeight:        to.Ptr[int32](0),
					},
					EnableBgp:   to.Ptr(false),
					GatewayType: to.Ptr(armnetwork.VirtualNetworkGatewayTypeVPN),
					IPConfigurations: []*armnetwork.VirtualNetworkGatewayIPConfiguration{
						{
							ID:   to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1"),
							Name: to.Ptr("gwipconfig1"),
							Properties: &armnetwork.VirtualNetworkGatewayIPConfigurationPropertiesFormat{
								PrivateIPAllocationMethod: to.Ptr(armnetwork.IPAllocationMethodDynamic),
								PublicIPAddress: &armnetwork.SubResource{
									ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip"),
								},
								Subnet: &armnetwork.SubResource{
									ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet"),
								},
							},
						}},
					SKU: &armnetwork.VirtualNetworkGatewaySKU{
						Name: to.Ptr(armnetwork.VirtualNetworkGatewaySKUNameVPNGw1),
						Tier: to.Ptr(armnetwork.VirtualNetworkGatewaySKUTierVPNGw1),
					},
					VPNType: to.Ptr(armnetwork.VPNTypeRouteBased),
				},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.VirtualNetworkGatewayConnection = armnetwork.VirtualNetworkGatewayConnection{
	// 	Name: to.Ptr("connS2S"),
	// 	Type: to.Ptr("Microsoft.Network/connections"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/connections/connS2S"),
	// 	Location: to.Ptr("centralus"),
	// 	Etag: to.Ptr("W/\"00000000-0000-0000-0000-000000000000\""),
	// 	Properties: &armnetwork.VirtualNetworkGatewayConnectionPropertiesFormat{
	// 		ConnectionMode: to.Ptr(armnetwork.VirtualNetworkGatewayConnectionModeDefault),
	// 		ConnectionProtocol: to.Ptr(armnetwork.VirtualNetworkGatewayConnectionProtocolIKEv2),
	// 		ConnectionType: to.Ptr(armnetwork.VirtualNetworkGatewayConnectionTypeIPsec),
	// 		DpdTimeoutSeconds: to.Ptr[int32](30),
	// 		EgressBytesTransferred: to.Ptr[int64](0),
	// 		EgressNatRules: []*armnetwork.SubResource{
	// 			{
	// 				ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"),
	// 		}},
	// 		EnableBgp: to.Ptr(false),
	// 		GatewayCustomBgpIPAddresses: []*armnetwork.GatewayCustomBgpIPAddressIPConfiguration{
	// 			{
	// 				CustomBgpIPAddress: to.Ptr("169.254.21.1"),
	// 				IPConfigurationID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default"),
	// 			},
	// 			{
	// 				CustomBgpIPAddress: to.Ptr("169.254.21.3"),
	// 				IPConfigurationID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive"),
	// 		}},
	// 		IngressBytesTransferred: to.Ptr[int64](0),
	// 		IngressNatRules: []*armnetwork.SubResource{
	// 			{
	// 				ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"),
	// 		}},
	// 		IPSecPolicies: []*armnetwork.IPSecPolicy{
	// 		},
	// 		LocalNetworkGateway2: &armnetwork.LocalNetworkGateway{
	// 			ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw"),
	// 			Properties: &armnetwork.LocalNetworkGatewayPropertiesFormat{
	// 			},
	// 		},
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		ResourceGUID: to.Ptr("00000000-0000-0000-0000-000000000000"),
	// 		RoutingWeight: to.Ptr[int32](0),
	// 		SharedKey: to.Ptr("Abc123"),
	// 		UseLocalAzureIPAddress: to.Ptr(false),
	// 		UsePolicyBasedTrafficSelectors: to.Ptr(false),
	// 		VirtualNetworkGateway1: &armnetwork.VirtualNetworkGateway{
	// 			ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw"),
	// 			Properties: &armnetwork.VirtualNetworkGatewayPropertiesFormat{
	// 			},
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a virtual network gateway connection in the specified resource group.
 *
 * @summary Creates or updates a virtual network gateway connection in the specified resource group.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewayConnectionCreate.json
 */
async function createVirtualNetworkGatewayConnectionS2S() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const virtualNetworkGatewayConnectionName = "connS2S";
  const parameters = {
    connectionMode: "Default",
    connectionProtocol: "IKEv2",
    connectionType: "IPsec",
    dpdTimeoutSeconds: 30,
    egressNatRules: [
      {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2",
      },
    ],
    enableBgp: false,
    gatewayCustomBgpIpAddresses: [
      {
        customBgpIpAddress: "169.254.21.1",
        ipConfigurationId:
          "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default",
      },
      {
        customBgpIpAddress: "169.254.21.3",
        ipConfigurationId:
          "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive",
      },
    ],
    ingressNatRules: [
      {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1",
      },
    ],
    ipsecPolicies: [],
    localNetworkGateway2: {
      gatewayIpAddress: "x.x.x.x",
      id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw",
      localNetworkAddressSpace: { addressPrefixes: ["10.1.0.0/16"] },
      location: "centralus",
      tags: {},
    },
    location: "centralus",
    routingWeight: 0,
    sharedKey: "Abc123",
    trafficSelectorPolicies: [],
    usePolicyBasedTrafficSelectors: false,
    virtualNetworkGateway1: {
      active: false,
      bgpSettings: {
        asn: 65514,
        bgpPeeringAddress: "10.0.1.30",
        peerWeight: 0,
      },
      enableBgp: false,
      gatewayType: "Vpn",
      id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw",
      ipConfigurations: [
        {
          name: "gwipconfig1",
          id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1",
          privateIPAllocationMethod: "Dynamic",
          publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip",
          },
          subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet",
          },
        },
      ],
      location: "centralus",
      sku: { name: "VpnGw1", tier: "VpnGw1" },
      tags: {},
      vpnType: "RouteBased",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.virtualNetworkGatewayConnections.beginCreateOrUpdateAndWait(
    resourceGroupName,
    virtualNetworkGatewayConnectionName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.Resources.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewayConnectionCreate.json
// this example is just showing the usage of "VirtualNetworkGatewayConnections_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);

// get the collection of this VirtualNetworkGatewayConnectionResource
VirtualNetworkGatewayConnectionCollection collection = resourceGroupResource.GetVirtualNetworkGatewayConnections();

// invoke the operation
string virtualNetworkGatewayConnectionName = "connS2S";
VirtualNetworkGatewayConnectionData data = new VirtualNetworkGatewayConnectionData(new VirtualNetworkGatewayData()
{
    IPConfigurations =
    {
    new VirtualNetworkGatewayIPConfiguration()
    {
    PrivateIPAllocationMethod = NetworkIPAllocationMethod.Dynamic,
    SubnetId = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/GatewaySubnet"),
    PublicIPAddressId = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/gwpip"),
    Id = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/gwipconfig1"),
    Name = "gwipconfig1",
    }
    },
    GatewayType = VirtualNetworkGatewayType.Vpn,
    VpnType = VpnType.RouteBased,
    EnableBgp = false,
    Active = false,
    Sku = new VirtualNetworkGatewaySku()
    {
        Name = VirtualNetworkGatewaySkuName.VpnGw1,
        Tier = VirtualNetworkGatewaySkuTier.VpnGw1,
    },
    BgpSettings = new BgpSettings()
    {
        Asn = 65514,
        BgpPeeringAddress = "10.0.1.30",
        PeerWeight = 0,
    },
    Id = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw"),
    Location = new AzureLocation("centralus"),
    Tags =
    {
    },
}, VirtualNetworkGatewayConnectionType.IPsec)
{
    LocalNetworkGateway2 = new LocalNetworkGatewayData()
    {
        LocalNetworkAddressPrefixes =
        {
        "10.1.0.0/16"
        },
        GatewayIPAddress = "x.x.x.x",
        Id = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw"),
        Location = new AzureLocation("centralus"),
        Tags =
        {
        },
    },
    IngressNatRules =
    {
    new WritableSubResource()
    {
    Id = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"),
    }
    },
    EgressNatRules =
    {
    new WritableSubResource()
    {
    Id = new ResourceIdentifier("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"),
    }
    },
    ConnectionProtocol = VirtualNetworkGatewayConnectionProtocol.IkeV2,
    RoutingWeight = 0,
    DpdTimeoutSeconds = 30,
    ConnectionMode = VirtualNetworkGatewayConnectionMode.Default,
    SharedKey = "Abc123",
    EnableBgp = false,
    GatewayCustomBgpIPAddresses =
    {
    new GatewayCustomBgpIPAddressIPConfiguration("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default","169.254.21.1"),new GatewayCustomBgpIPAddressIPConfiguration("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive","169.254.21.3")
    },
    UsePolicyBasedTrafficSelectors = false,
    IPsecPolicies =
    {
    },
    TrafficSelectorPolicies =
    {
    },
    Location = new AzureLocation("centralus"),
};
ArmOperation<VirtualNetworkGatewayConnectionResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, virtualNetworkGatewayConnectionName, data);
VirtualNetworkGatewayConnectionResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
VirtualNetworkGatewayConnectionData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

201

{
  "name": "connS2S",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/connections/connS2S",
  "etag": "W/\"00000000-0000-0000-0000-000000000000\"",
  "type": "Microsoft.Network/connections",
  "location": "centralus",
  "properties": {
    "provisioningState": "Updating",
    "resourceGuid": "00000000-0000-0000-0000-000000000000",
    "virtualNetworkGateway1": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw",
      "properties": {}
    },
    "localNetworkGateway2": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw",
      "properties": {}
    },
    "ingressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"
      }
    ],
    "egressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"
      }
    ],
    "connectionType": "IPsec",
    "connectionProtocol": "IKEv2",
    "routingWeight": 0,
    "dpdTimeoutSeconds": 30,
    "sharedKey": "Abc123",
    "enableBgp": false,
    "useLocalAzureIpAddress": false,
    "usePolicyBasedTrafficSelectors": false,
    "ipsecPolicies": [],
    "ingressBytesTransferred": 0,
    "egressBytesTransferred": 0,
    "connectionMode": "Default"
  }
}

Status code:

200

{
  "name": "connS2S",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/connections/connS2S",
  "etag": "W/\"00000000-0000-0000-0000-000000000000\"",
  "type": "Microsoft.Network/connections",
  "location": "centralus",
  "properties": {
    "provisioningState": "Updating",
    "resourceGuid": "00000000-0000-0000-0000-000000000000",
    "virtualNetworkGateway1": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw",
      "properties": {}
    },
    "localNetworkGateway2": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/localNetworkGateways/localgw",
      "properties": {}
    },
    "ingressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule1"
      }
    ],
    "egressNatRules": [
      {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/natRules/natRule2"
      }
    ],
    "connectionType": "IPsec",
    "connectionProtocol": "IKEv2",
    "routingWeight": 0,
    "dpdTimeoutSeconds": 30,
    "sharedKey": "Abc123",
    "enableBgp": false,
    "gatewayCustomBgpIpAddresses": [
      {
        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/default",
        "customBgpIpAddress": "169.254.21.1"
      },
      {
        "ipConfigurationId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/ipConfigurations/ActiveActive",
        "customBgpIpAddress": "169.254.21.3"
      }
    ],
    "useLocalAzureIpAddress": false,
    "usePolicyBasedTrafficSelectors": false,
    "ipsecPolicies": [],
    "ingressBytesTransferred": 0,
    "egressBytesTransferred": 0,
    "connectionMode": "Default"
  }
}

Definitions

Name	Description
AddressSpace	AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network.
adminState	Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet
BgpSettings	BGP settings details.
CloudError	An error response from the service.
CloudErrorBody	An error response from the service.
DhGroup	The DH Groups used in IKE Phase 1 for initial SA.
ExtendedLocation	ExtendedLocation complex type.
ExtendedLocationTypes	The type of the extended location.
GatewayCustomBgpIpAddressIpConfiguration	GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.
IkeEncryption	The IKE encryption algorithm (IKE phase 2).
IkeIntegrity	The IKE integrity algorithm (IKE phase 2).
IPAllocationMethod	IP address allocation method.
IPConfigurationBgpPeeringAddress	Properties of IPConfigurationBgpPeeringAddress.
IpsecEncryption	The IPSec encryption algorithm (IKE phase 1).
IpsecIntegrity	The IPSec integrity algorithm (IKE phase 1).
IpsecPolicy	An IPSec Policy configuration for a virtual network gateway connection.
LocalNetworkGateway	A common class for general resource information.
PfsGroup	The Pfs Groups used in IKE Phase 2 for new child SA.
ProvisioningState	The current provisioning state.
RadiusServer	Radius Server Settings.
SubResource	Reference to another subresource.
TrafficSelectorPolicy	An traffic selector policy for a virtual network gateway connection.
TunnelConnectionHealth	VirtualNetworkGatewayConnection properties.
VirtualNetworkGateway	A common class for general resource information.
VirtualNetworkGatewayAutoScaleBounds
VirtualNetworkGatewayAutoScaleConfiguration	Virtual Network Gateway Autoscale Configuration details
VirtualNetworkGatewayConnection	A common class for general resource information.
VirtualNetworkGatewayConnectionMode	Gateway connection type.
VirtualNetworkGatewayConnectionProtocol	Connection protocol used for this connection.
VirtualNetworkGatewayConnectionStatus	Virtual Network Gateway connection status.
VirtualNetworkGatewayConnectionType	Gateway connection type.
VirtualNetworkGatewayIPConfiguration	IP configuration for virtual network gateway.
VirtualNetworkGatewayNatRule	VirtualNetworkGatewayNatRule Resource.
VirtualNetworkGatewayPolicyGroup	Parameters for VirtualNetworkGatewayPolicyGroup.
VirtualNetworkGatewayPolicyGroupMember	Vpn Client Connection configuration PolicyGroup member
VirtualNetworkGatewaySku	VirtualNetworkGatewaySku details.
VirtualNetworkGatewaySkuName	Gateway SKU name.
VirtualNetworkGatewaySkuTier	Gateway SKU tier.
VirtualNetworkGatewayType	The type of this virtual network gateway.
VngClientConnectionConfiguration	A vpn client connection configuration for client connection configuration.
VpnAuthenticationType	VPN authentication types for the virtual network gateway..
VpnClientConfiguration	VpnClientConfiguration for P2S client.
VpnClientProtocol	VpnClientProtocols for Virtual network gateway.
VpnClientRevokedCertificate	VPN client revoked certificate of virtual network gateway.
VpnClientRootCertificate	VPN client root certificate of virtual network gateway.
VpnGatewayGeneration	The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN.
VpnNatRuleMapping	Vpn NatRule mapping.
VpnNatRuleMode	The Source NAT direction of a VPN NAT.
VpnNatRuleType	The type of NAT rule for VPN NAT.
VpnPolicyMemberAttributeType	The Vpn Policy member attribute type.
VpnType	The type of this virtual network gateway.

AddressSpace

AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network.

Name	Type	Description
addressPrefixes	string[]	A list of address blocks reserved for this virtual network in CIDR notation.

adminState

Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet

Name	Type	Description
Disabled	string
Enabled	string

BgpSettings

BGP settings details.

Name	Type	Description
asn	integer	The BGP speaker's ASN.
bgpPeeringAddress	string	The BGP peering address and BGP identifier of this BGP speaker.
bgpPeeringAddresses	IPConfigurationBgpPeeringAddress[]	BGP peering address with IP configuration ID for virtual network gateway.
peerWeight	integer	The weight added to routes learned from this BGP speaker.

CloudError

An error response from the service.

Name	Type	Description
error	CloudErrorBody	Cloud error body.

CloudErrorBody

An error response from the service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

DhGroup

The DH Groups used in IKE Phase 1 for initial SA.

Name	Type	Description
DHGroup1	string
DHGroup14	string
DHGroup2	string
DHGroup2048	string
DHGroup24	string
ECP256	string
ECP384	string
None	string

ExtendedLocation

ExtendedLocation complex type.

Name	Type	Description
name	string	The name of the extended location.
type	ExtendedLocationTypes	The type of the extended location.

ExtendedLocationTypes

The type of the extended location.

Name	Type	Description
EdgeZone	string

GatewayCustomBgpIpAddressIpConfiguration

GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.

Name	Type	Description
customBgpIpAddress	string	The custom BgpPeeringAddress which belongs to IpconfigurationId.
ipConfigurationId	string	The IpconfigurationId of ipconfiguration which belongs to gateway.

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

Name	Type	Description
AES128	string
AES192	string
AES256	string
DES	string
DES3	string
GCMAES128	string
GCMAES256	string

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

Name	Type	Description
GCMAES128	string
GCMAES256	string
MD5	string
SHA1	string
SHA256	string
SHA384	string

IPAllocationMethod

IP address allocation method.

Name	Type	Description
Dynamic	string
Static	string

IPConfigurationBgpPeeringAddress

Properties of IPConfigurationBgpPeeringAddress.

Name	Type	Description
customBgpIpAddresses	string[]	The list of custom BGP peering addresses which belong to IP configuration.
defaultBgpIpAddresses	string[]	The list of default BGP peering addresses which belong to IP configuration.
ipconfigurationId	string	The ID of IP configuration which belongs to gateway.
tunnelIpAddresses	string[]	The list of tunnel public IP addresses which belong to IP configuration.

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

Name	Type	Description
AES128	string
AES192	string
AES256	string
DES	string
DES3	string
GCMAES128	string
GCMAES192	string
GCMAES256	string
None	string

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

Name	Type	Description
GCMAES128	string
GCMAES192	string
GCMAES256	string
MD5	string
SHA1	string
SHA256	string

IpsecPolicy

An IPSec Policy configuration for a virtual network gateway connection.

Name	Type	Description
dhGroup	DhGroup	The DH Group used in IKE Phase 1 for initial SA.
ikeEncryption	IkeEncryption	The IKE encryption algorithm (IKE phase 2).
ikeIntegrity	IkeIntegrity	The IKE integrity algorithm (IKE phase 2).
ipsecEncryption	IpsecEncryption	The IPSec encryption algorithm (IKE phase 1).
ipsecIntegrity	IpsecIntegrity	The IPSec integrity algorithm (IKE phase 1).
pfsGroup	PfsGroup	The Pfs Group used in IKE Phase 2 for new child SA.
saDataSizeKilobytes	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
saLifeTimeSeconds	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.

LocalNetworkGateway

A common class for general resource information.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
location	string	Resource location.
name	string	Resource name.
properties.bgpSettings	BgpSettings	Local network gateway's BGP speaker settings.
properties.fqdn	string	FQDN of local network gateway.
properties.gatewayIpAddress	string	IP address of local network gateway.
properties.localNetworkAddressSpace	AddressSpace	Local network site address space.
properties.provisioningState	ProvisioningState	The provisioning state of the local network gateway resource.
properties.resourceGuid	string	The resource GUID property of the local network gateway resource.
tags	object	Resource tags.
type	string	Resource type.

PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.

Name	Type	Description
ECP256	string
ECP384	string
None	string
PFS1	string
PFS14	string
PFS2	string
PFS2048	string
PFS24	string
PFSMM	string

ProvisioningState

The current provisioning state.

Name	Type	Description
Deleting	string
Failed	string
Succeeded	string
Updating	string

RadiusServer

Radius Server Settings.

Name	Type	Description
radiusServerAddress	string	The address of this radius server.
radiusServerScore	integer	The initial score assigned to this radius server.
radiusServerSecret	string	The secret used for this radius server.

SubResource

Reference to another subresource.

Name	Type	Description
id	string	Resource ID.

TrafficSelectorPolicy

An traffic selector policy for a virtual network gateway connection.

Name	Type	Description
localAddressRanges	string[]	A collection of local address spaces in CIDR format.
remoteAddressRanges	string[]	A collection of remote address spaces in CIDR format.

TunnelConnectionHealth

VirtualNetworkGatewayConnection properties.

Name	Type	Description
connectionStatus	VirtualNetworkGatewayConnectionStatus	Virtual Network Gateway connection status.
egressBytesTransferred	integer	The Egress Bytes Transferred in this connection.
ingressBytesTransferred	integer	The Ingress Bytes Transferred in this connection.
lastConnectionEstablishedUtcTime	string	The time at which connection was established in Utc format.
tunnel	string	Tunnel name.

VirtualNetworkGateway

A common class for general resource information.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
extendedLocation	ExtendedLocation	The extended location of type local virtual network gateway.
id	string	Resource ID.
location	string	Resource location.
name	string	Resource name.
properties.activeActive	boolean	ActiveActive flag.
properties.adminState	adminState	Property to indicate if the Express Route Gateway serves traffic when there are multiple Express Route Gateways in the vnet
properties.allowRemoteVnetTraffic	boolean	Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.
properties.allowVirtualWanTraffic	boolean	Configures this gateway to accept traffic from remote Virtual WAN networks.
properties.autoScaleConfiguration	VirtualNetworkGatewayAutoScaleConfiguration	Autoscale configuration for virutal network gateway
properties.bgpSettings	BgpSettings	Virtual network gateway's BGP speaker settings.
properties.customRoutes	AddressSpace	The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient.
properties.disableIPSecReplayProtection	boolean	disableIPSecReplayProtection flag.
properties.enableBgp	boolean	Whether BGP is enabled for this virtual network gateway or not.
properties.enableBgpRouteTranslationForNat	boolean	EnableBgpRouteTranslationForNat flag.
properties.enableDnsForwarding	boolean	Whether dns forwarding is enabled or not.
properties.enablePrivateIpAddress	boolean	Whether private IP needs to be enabled on this gateway for connections or not.
properties.gatewayDefaultSite	SubResource	The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting.
properties.gatewayType	VirtualNetworkGatewayType	The type of this virtual network gateway.
properties.inboundDnsForwardingEndpoint	string	The IP address allocated by the gateway to which dns requests can be sent.
properties.ipConfigurations	VirtualNetworkGatewayIPConfiguration[]	IP configurations for virtual network gateway.
properties.natRules	VirtualNetworkGatewayNatRule[]	NatRules for virtual network gateway.
properties.provisioningState	ProvisioningState	The provisioning state of the virtual network gateway resource.
properties.resourceGuid	string	The resource GUID property of the virtual network gateway resource.
properties.sku	VirtualNetworkGatewaySku	The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway.
properties.vNetExtendedLocationResourceId	string	Customer vnet resource id. VirtualNetworkGateway of type local gateway is associated with the customer vnet.
properties.virtualNetworkGatewayPolicyGroups	VirtualNetworkGatewayPolicyGroup[]	The reference to the VirtualNetworkGatewayPolicyGroup resource which represents the available VirtualNetworkGatewayPolicyGroup for the gateway.
properties.vpnClientConfiguration	VpnClientConfiguration	The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations.
properties.vpnGatewayGeneration	VpnGatewayGeneration	The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN.
properties.vpnType	VpnType	The type of this virtual network gateway.
tags	object	Resource tags.
type	string	Resource type.

VirtualNetworkGatewayAutoScaleBounds

Name	Type	Description
max	integer	Maximum Scale Units for Autoscale configuration
min	integer	Minimum scale Units for Autoscale configuration

VirtualNetworkGatewayAutoScaleConfiguration

Virtual Network Gateway Autoscale Configuration details

Name	Type	Description
bounds	VirtualNetworkGatewayAutoScaleBounds	The bounds of the autoscale configuration

VirtualNetworkGatewayConnection

A common class for general resource information.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
location	string	Resource location.
name	string	Resource name.
properties.authorizationKey	string	The authorizationKey.
properties.connectionMode	VirtualNetworkGatewayConnectionMode	The connection mode for this connection.
properties.connectionProtocol	VirtualNetworkGatewayConnectionProtocol	Connection protocol used for this connection.
properties.connectionStatus	VirtualNetworkGatewayConnectionStatus	Virtual Network Gateway connection status.
properties.connectionType	VirtualNetworkGatewayConnectionType	Gateway connection type.
properties.dpdTimeoutSeconds	integer	The dead peer detection timeout of this connection in seconds.
properties.egressBytesTransferred	integer	The egress bytes transferred in this connection.
properties.egressNatRules	SubResource[]	List of egress NatRules.
properties.enableBgp	boolean	EnableBgp flag.
properties.enablePrivateLinkFastPath	boolean	Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled.
properties.expressRouteGatewayBypass	boolean	Bypass ExpressRoute Gateway for data forwarding.
properties.gatewayCustomBgpIpAddresses	GatewayCustomBgpIpAddressIpConfiguration[]	GatewayCustomBgpIpAddresses to be used for virtual network gateway Connection.
properties.ingressBytesTransferred	integer	The ingress bytes transferred in this connection.
properties.ingressNatRules	SubResource[]	List of ingress NatRules.
properties.ipsecPolicies	IpsecPolicy[]	The IPSec Policies to be considered by this connection.
properties.localNetworkGateway2	LocalNetworkGateway	The reference to local network gateway resource.
properties.peer	SubResource	The reference to peerings resource.
properties.provisioningState	ProvisioningState	The provisioning state of the virtual network gateway connection resource.
properties.resourceGuid	string	The resource GUID property of the virtual network gateway connection resource.
properties.routingWeight	integer	The routing weight.
properties.sharedKey	string	The IPSec shared key.
properties.trafficSelectorPolicies	TrafficSelectorPolicy[]	The Traffic Selector Policies to be considered by this connection.
properties.tunnelConnectionStatus	TunnelConnectionHealth[]	Collection of all tunnels' connection health status.
properties.useLocalAzureIpAddress	boolean	Use private local Azure IP for the connection.
properties.usePolicyBasedTrafficSelectors	boolean	Enable policy-based traffic selectors.
properties.virtualNetworkGateway1	VirtualNetworkGateway	The reference to virtual network gateway resource.
properties.virtualNetworkGateway2	VirtualNetworkGateway	The reference to virtual network gateway resource.
tags	object	Resource tags.
type	string	Resource type.

VirtualNetworkGatewayConnectionMode

Gateway connection type.

Name	Type	Description
Default	string
InitiatorOnly	string
ResponderOnly	string

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

Name	Type	Description
IKEv1	string
IKEv2	string

VirtualNetworkGatewayConnectionStatus

Virtual Network Gateway connection status.

Name	Type	Description
Connected	string
Connecting	string
NotConnected	string
Unknown	string

VirtualNetworkGatewayConnectionType

Gateway connection type.

Name	Type	Description
ExpressRoute	string
IPsec	string
VPNClient	string
Vnet2Vnet	string

VirtualNetworkGatewayIPConfiguration

IP configuration for virtual network gateway.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.privateIPAddress	string	Private IP Address for this gateway.
properties.privateIPAllocationMethod	IPAllocationMethod	The private IP address allocation method.
properties.provisioningState	ProvisioningState	The provisioning state of the virtual network gateway IP configuration resource.
properties.publicIPAddress	SubResource	The reference to the public IP resource.
properties.subnet	SubResource	The reference to the subnet resource.

VirtualNetworkGatewayNatRule

VirtualNetworkGatewayNatRule Resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.externalMappings	VpnNatRuleMapping[]	The private IP address external mapping for NAT.
properties.internalMappings	VpnNatRuleMapping[]	The private IP address internal mapping for NAT.
properties.ipConfigurationId	string	The IP Configuration ID this NAT rule applies to.
properties.mode	VpnNatRuleMode	The Source NAT direction of a VPN NAT.
properties.provisioningState	ProvisioningState	The provisioning state of the NAT Rule resource.
properties.type	VpnNatRuleType	The type of NAT rule for VPN NAT.
type	string	Resource type.

VirtualNetworkGatewayPolicyGroup

Parameters for VirtualNetworkGatewayPolicyGroup.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.isDefault	boolean	Shows if this is a Default VirtualNetworkGatewayPolicyGroup or not.
properties.policyMembers	VirtualNetworkGatewayPolicyGroupMember[]	Multiple PolicyMembers for VirtualNetworkGatewayPolicyGroup.
properties.priority	integer	Priority for VirtualNetworkGatewayPolicyGroup.
properties.provisioningState	ProvisioningState	The provisioning state of the VirtualNetworkGatewayPolicyGroup resource.
properties.vngClientConnectionConfigurations	SubResource[]	List of references to vngClientConnectionConfigurations.

VirtualNetworkGatewayPolicyGroupMember

Vpn Client Connection configuration PolicyGroup member

Name	Type	Description
attributeType	VpnPolicyMemberAttributeType	The Vpn Policy member attribute type.
attributeValue	string	The value of Attribute used for this VirtualNetworkGatewayPolicyGroupMember.
name	string	Name of the VirtualNetworkGatewayPolicyGroupMember.

VirtualNetworkGatewaySku

VirtualNetworkGatewaySku details.

Name	Type	Description
capacity	integer	The capacity.
name	VirtualNetworkGatewaySkuName	Gateway SKU name.
tier	VirtualNetworkGatewaySkuTier	Gateway SKU tier.

VirtualNetworkGatewaySkuName

Gateway SKU name.

Name	Type	Description
Basic	string
ErGw1AZ	string
ErGw2AZ	string
ErGw3AZ	string
ErGwScale	string
HighPerformance	string
Standard	string
UltraPerformance	string
VpnGw1	string
VpnGw1AZ	string
VpnGw2	string
VpnGw2AZ	string
VpnGw3	string
VpnGw3AZ	string
VpnGw4	string
VpnGw4AZ	string
VpnGw5	string
VpnGw5AZ	string

VirtualNetworkGatewaySkuTier

Gateway SKU tier.

Name	Type	Description
Basic	string
ErGw1AZ	string
ErGw2AZ	string
ErGw3AZ	string
ErGwScale	string
HighPerformance	string
Standard	string
UltraPerformance	string
VpnGw1	string
VpnGw1AZ	string
VpnGw2	string
VpnGw2AZ	string
VpnGw3	string
VpnGw3AZ	string
VpnGw4	string
VpnGw4AZ	string
VpnGw5	string
VpnGw5AZ	string

VirtualNetworkGatewayType

The type of this virtual network gateway.

Name	Type	Description
ExpressRoute	string
LocalGateway	string
Vpn	string

VngClientConnectionConfiguration

A vpn client connection configuration for client connection configuration.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.provisioningState	ProvisioningState	The provisioning state of the VngClientConnectionConfiguration resource.
properties.virtualNetworkGatewayPolicyGroups	SubResource[]	List of references to virtualNetworkGatewayPolicyGroups
properties.vpnClientAddressPool	AddressSpace	The reference to the address space resource which represents Address space for P2S VpnClient.

VpnAuthenticationType

VPN authentication types for the virtual network gateway..

Name	Type	Description
AAD	string
Certificate	string
Radius	string

VpnClientConfiguration

VpnClientConfiguration for P2S client.

Name	Type	Description
aadAudience	string	The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.
aadIssuer	string	The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.
aadTenant	string	The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.
radiusServerAddress	string	The radius server address property of the VirtualNetworkGateway resource for vpn client connection.
radiusServerSecret	string	The radius secret property of the VirtualNetworkGateway resource for vpn client connection.
radiusServers	RadiusServer[]	The radiusServers property for multiple radius server configuration.
vngClientConnectionConfigurations	VngClientConnectionConfiguration[]	per ip address pool connection policy for virtual network gateway P2S client.
vpnAuthenticationTypes	VpnAuthenticationType[]	VPN authentication types for the virtual network gateway..
vpnClientAddressPool	AddressSpace	The reference to the address space resource which represents Address space for P2S VpnClient.
vpnClientIpsecPolicies	IpsecPolicy[]	VpnClientIpsecPolicies for virtual network gateway P2S client.
vpnClientProtocols	VpnClientProtocol[]	VpnClientProtocols for Virtual network gateway.
vpnClientRevokedCertificates	VpnClientRevokedCertificate[]	VpnClientRevokedCertificate for Virtual network gateway.
vpnClientRootCertificates	VpnClientRootCertificate[]	VpnClientRootCertificate for virtual network gateway.

VpnClientProtocol

VpnClientProtocols for Virtual network gateway.

Name	Type	Description
IkeV2	string
OpenVPN	string
SSTP	string

VpnClientRevokedCertificate

VPN client revoked certificate of virtual network gateway.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.provisioningState	ProvisioningState	The provisioning state of the VPN client revoked certificate resource.
properties.thumbprint	string	The revoked VPN client certificate thumbprint.

VpnClientRootCertificate

VPN client root certificate of virtual network gateway.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.provisioningState	ProvisioningState	The provisioning state of the VPN client root certificate resource.
properties.publicCertData	string	The certificate public data.

VpnGatewayGeneration

The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN.

Name	Type	Description
Generation1	string
Generation2	string
None	string

VpnNatRuleMapping

Vpn NatRule mapping.

Name	Type	Description
addressSpace	string	Address space for Vpn NatRule mapping.
portRange	string	Port range for Vpn NatRule mapping.

VpnNatRuleMode

The Source NAT direction of a VPN NAT.

Name	Type	Description
EgressSnat	string
IngressSnat	string

VpnNatRuleType

The type of NAT rule for VPN NAT.

Name	Type	Description
Dynamic	string
Static	string

VpnPolicyMemberAttributeType

The Vpn Policy member attribute type.

Name	Type	Description
AADGroupId	string
CertificateGroupId	string
RadiusAzureGroupId	string

VpnType

The type of this virtual network gateway.

Name	Type	Description
PolicyBased	string
RouteBased	string