VPN Custom IPSec Policy

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure Deploy To Azure US Gov Visualize

This template deploys a Custom IPSec Policy to an existing VPN Gateway.


A custom IPSec Policy allows more granular configuration of the IPSec Parameters. This allows you to deploy a site-to-site VPN Policy to support specific IPSec settings on your VPN Endpoint Device.

This template requires that the Virtual Network Gateway and Local Network Gateway are already present

Deployment steps

You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo.

Tags: VPN, IPSec, Site-to-Site, IKE, PFS Group, Perfect Forward Secrecy, DH Group, Diffie-Hellman, Security Association, Microsoft.Network/connections, Microsoft.Network/localNetworkGateways, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks, Microsoft.Network/virtualNetworks/subnets, Microsoft.Network/virtualNetworkGateways