Virtual Network Gateways - Set Vpnclient Ipsec Parameters

Service:

Network Gateway

API Version:

2023-09-01

The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworkGateways/{virtualNetworkGatewayName}/setvpnclientipsecparameters?api-version=2023-09-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group.
subscriptionId	path	True	string	The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
virtualNetworkGatewayName	path	True	string	The name of the virtual network gateway.
api-version	query	True	string	Client API version.

Request Body

Name	Required	Type	Description
dhGroup	True	DhGroup	The DH Group used in IKE Phase 1 for initial SA.
ikeEncryption	True	IkeEncryption	The IKE encryption algorithm (IKE phase 2).
ikeIntegrity	True	IkeIntegrity	The IKE integrity algorithm (IKE phase 2).
ipsecEncryption	True	IpsecEncryption	The IPSec encryption algorithm (IKE phase 1).
ipsecIntegrity	True	IpsecIntegrity	The IPSec integrity algorithm (IKE phase 1).
pfsGroup	True	PfsGroup	The Pfs Group used in IKE Phase 2 for new child SA.
saDataSizeKilobytes	True	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client..
saLifeTimeSeconds	True	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client.

Responses

Name	Type	Description
200 OK	VpnClientIPsecParameters	Request successful. The operation sets the specified vpnclient ipsec parameters for P2S client of the virtual network gateway.
202 Accepted		Accepted and the operation will complete asynchronously.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Set VirtualNetworkGateway VpnClientIpsecParameters

Sample Request

HTTP

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworkGateways/vpngw/setvpnclientipsecparameters?api-version=2023-09-01

{
  "saLifeTimeSeconds": 86473,
  "saDataSizeKilobytes": 429497,
  "ipsecEncryption": "AES256",
  "ipsecIntegrity": "SHA256",
  "ikeEncryption": "AES256",
  "ikeIntegrity": "SHA384",
  "dhGroup": "DHGroup2",
  "pfsGroup": "PFS2"
}

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python virtual_network_gateway_set_vpn_client_ipsec_parameters.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.virtual_network_gateways.begin_set_vpnclient_ipsec_parameters(
        resource_group_name="rg1",
        virtual_network_gateway_name="vpngw",
        vpnclient_ipsec_params={
            "dhGroup": "DHGroup2",
            "ikeEncryption": "AES256",
            "ikeIntegrity": "SHA384",
            "ipsecEncryption": "AES256",
            "ipsecIntegrity": "SHA256",
            "pfsGroup": "PFS2",
            "saDataSizeKilobytes": 429497,
            "saLifeTimeSeconds": 86473,
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewaySetVpnClientIpsecParameters.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewaySetVpnClientIpsecParameters.json
func ExampleVirtualNetworkGatewaysClient_BeginSetVpnclientIPSecParameters() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewVirtualNetworkGatewaysClient().BeginSetVpnclientIPSecParameters(ctx, "rg1", "vpngw", armnetwork.VPNClientIPsecParameters{
		DhGroup:             to.Ptr(armnetwork.DhGroupDHGroup2),
		IkeEncryption:       to.Ptr(armnetwork.IkeEncryptionAES256),
		IkeIntegrity:        to.Ptr(armnetwork.IkeIntegritySHA384),
		IPSecEncryption:     to.Ptr(armnetwork.IPSecEncryptionAES256),
		IPSecIntegrity:      to.Ptr(armnetwork.IPSecIntegritySHA256),
		PfsGroup:            to.Ptr(armnetwork.PfsGroupPFS2),
		SaDataSizeKilobytes: to.Ptr[int32](429497),
		SaLifeTimeSeconds:   to.Ptr[int32](86473),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.VPNClientIPsecParameters = armnetwork.VPNClientIPsecParameters{
	// 	DhGroup: to.Ptr(armnetwork.DhGroupDHGroup2),
	// 	IkeEncryption: to.Ptr(armnetwork.IkeEncryptionAES256),
	// 	IkeIntegrity: to.Ptr(armnetwork.IkeIntegritySHA384),
	// 	IPSecEncryption: to.Ptr(armnetwork.IPSecEncryptionAES256),
	// 	IPSecIntegrity: to.Ptr(armnetwork.IPSecIntegritySHA256),
	// 	PfsGroup: to.Ptr(armnetwork.PfsGroupPFS2),
	// 	SaDataSizeKilobytes: to.Ptr[int32](429497),
	// 	SaLifeTimeSeconds: to.Ptr[int32](86473),
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.
 *
 * @summary The Set VpnclientIpsecParameters operation sets the vpnclient ipsec policy for P2S client of virtual network gateway in the specified resource group through Network resource provider.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewaySetVpnClientIpsecParameters.json
 */
async function setVirtualNetworkGatewayVpnClientIpsecParameters() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const virtualNetworkGatewayName = "vpngw";
  const vpnclientIpsecParams = {
    dhGroup: "DHGroup2",
    ikeEncryption: "AES256",
    ikeIntegrity: "SHA384",
    ipsecEncryption: "AES256",
    ipsecIntegrity: "SHA256",
    pfsGroup: "PFS2",
    saDataSizeKilobytes: 429497,
    saLifeTimeSeconds: 86473,
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.virtualNetworkGateways.beginSetVpnclientIpsecParametersAndWait(
    resourceGroupName,
    virtualNetworkGatewayName,
    vpnclientIpsecParams,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/VirtualNetworkGatewaySetVpnClientIpsecParameters.json
// this example is just showing the usage of "VirtualNetworkGateways_SetVpnclientIpsecParameters" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this VirtualNetworkGatewayResource created on azure
// for more information of creating VirtualNetworkGatewayResource, please refer to the document of VirtualNetworkGatewayResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string virtualNetworkGatewayName = "vpngw";
ResourceIdentifier virtualNetworkGatewayResourceId = VirtualNetworkGatewayResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, virtualNetworkGatewayName);
VirtualNetworkGatewayResource virtualNetworkGateway = client.GetVirtualNetworkGatewayResource(virtualNetworkGatewayResourceId);

// invoke the operation
VpnClientIPsecParameters vpnclientIPsecParams = new VpnClientIPsecParameters(86473, 429497, IPsecEncryption.Aes256, IPsecIntegrity.Sha256, IkeEncryption.Aes256, IkeIntegrity.Sha384, DHGroup.DHGroup2, PfsGroup.Pfs2);
ArmOperation<VpnClientIPsecParameters> lro = await virtualNetworkGateway.SetVpnclientIPsecParametersAsync(WaitUntil.Completed, vpnclientIPsecParams);
VpnClientIPsecParameters result = lro.Value;

Console.WriteLine($"Succeeded: {result}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

202

Azure-AsyncOperation: https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/locations/eastus/operations/00000000-0000-0000-0000-000000000000?api-version=2023-09-01

Status code:

200

{
  "saLifeTimeSeconds": 86473,
  "saDataSizeKilobytes": 429497,
  "ipsecEncryption": "AES256",
  "ipsecIntegrity": "SHA256",
  "ikeEncryption": "AES256",
  "ikeIntegrity": "SHA384",
  "dhGroup": "DHGroup2",
  "pfsGroup": "PFS2"
}

Definitions

Name	Description
CloudError	An error response from the service.
CloudErrorBody	An error response from the service.
DhGroup	The DH Groups used in IKE Phase 1 for initial SA.
IkeEncryption	The IKE encryption algorithm (IKE phase 2).
IkeIntegrity	The IKE integrity algorithm (IKE phase 2).
IpsecEncryption	The IPSec encryption algorithm (IKE phase 1).
IpsecIntegrity	The IPSec integrity algorithm (IKE phase 1).
PfsGroup	The Pfs Groups used in IKE Phase 2 for new child SA.
VpnClientIPsecParameters	An IPSec parameters for a virtual network gateway P2S connection.

CloudError

An error response from the service.

Name	Type	Description
error	CloudErrorBody	Cloud error body.

CloudErrorBody

An error response from the service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

DhGroup

The DH Groups used in IKE Phase 1 for initial SA.

Name	Type	Description
DHGroup1	string
DHGroup14	string
DHGroup2	string
DHGroup2048	string
DHGroup24	string
ECP256	string
ECP384	string
None	string

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

Name	Type	Description
AES128	string
AES192	string
AES256	string
DES	string
DES3	string
GCMAES128	string
GCMAES256	string

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

Name	Type	Description
GCMAES128	string
GCMAES256	string
MD5	string
SHA1	string
SHA256	string
SHA384	string

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

Name	Type	Description
AES128	string
AES192	string
AES256	string
DES	string
DES3	string
GCMAES128	string
GCMAES192	string
GCMAES256	string
None	string

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

Name	Type	Description
GCMAES128	string
GCMAES192	string
GCMAES256	string
MD5	string
SHA1	string
SHA256	string

PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.

Name	Type	Description
ECP256	string
ECP384	string
None	string
PFS1	string
PFS14	string
PFS2	string
PFS2048	string
PFS24	string
PFSMM	string

VpnClientIPsecParameters

An IPSec parameters for a virtual network gateway P2S connection.

Name	Type	Description
dhGroup	DhGroup	The DH Group used in IKE Phase 1 for initial SA.
ikeEncryption	IkeEncryption	The IKE encryption algorithm (IKE phase 2).
ikeIntegrity	IkeIntegrity	The IKE integrity algorithm (IKE phase 2).
ipsecEncryption	IpsecEncryption	The IPSec encryption algorithm (IKE phase 1).
ipsecIntegrity	IpsecIntegrity	The IPSec integrity algorithm (IKE phase 1).
pfsGroup	PfsGroup	The Pfs Group used in IKE Phase 2 for new child SA.
saDataSizeKilobytes	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for P2S client..
saLifeTimeSeconds	integer	The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for P2S client.