New-AzVpnClientIpsecParameter
This command allows the users to create the Vpn ipsec parameters object specifying one or all values such as IpsecEncryption,IpsecIntegrity,IkeEncryption,IkeIntegrity,DhGroup,PfsGroup to set on the existing VPN gateway.
Syntax
New-AzVpnClientIpsecParameter
[-SALifeTime <Int32>]
[-SADataSize <Int32>]
[-IpsecEncryption <String>]
[-IpsecIntegrity <String>]
[-IkeEncryption <String>]
[-IkeIntegrity <String>]
[-DhGroup <String>]
[-PfsGroup <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>] Description
This command allows the users to create the Vpn ipsec parameters object specifying one or all values such as IpsecEncryption,IpsecIntegrity,IkeEncryption,IkeIntegrity,DhGroup,PfsGroup to set on the existing VPN gateway.
Examples
Example 1
$vpnclientipsecparams1 = New-AzVpnClientIpsecParameter -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86473 -SADataSize 429498 -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup2 -PfsGroup PFS2
$setvpnIpsecParams = Set-AzVpnClientIpsecParameter -VirtualNetworkGatewayName $rname -ResourceGroupName $rgname -VpnClientIPsecParameter $vpnclientipsecparams1New-AzVpnClientIpsecParameter cmdlet is used to create the vpn ipsec parameters object of using the passed one or all parameters' values which user can set for any existing Virtual network gateway in ResourceGroup. This created VpnClientIPsecParameters object is passed to Set-AzVpnClientIpsecParameter command to set the specified Vpn ipsec custom policy on Virtual network gateway as shown in above example. This command returns object of VpnClientIPsecParameters which shows set parameters.
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DhGroup
The VpnClient DH Groups used in IKE Phase 1 for initial SA.
| Type: | String |
| Accepted values: | DHGroup24, ECP384, ECP256, DHGroup14, DHGroup2 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IkeEncryption
The VpnClient IKE encryption algorithm (IKE Phase 2)
| Type: | String |
| Accepted values: | GCMAES256, GCMAES128, AES256, AES128 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IkeIntegrity
The VpnClient IKE integrity algorithm (IKE Phase 2)
| Type: | String |
| Accepted values: | SHA384, SHA256 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IpsecEncryption
The VpnClient IPSec encryption algorithm (IKE Phase 1)
| Type: | String |
| Accepted values: | GCMAES256, GCMAES128, AES256, AES128 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IpsecIntegrity
The VpnClient IPSec integrity algorithm (IKE Phase 1)
| Type: | String |
| Accepted values: | GCMAES256, GCMAES128, SHA256 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PfsGroup
The VpnClient PFS Groups used in IKE Phase 2 for new child SA
| Type: | String |
| Accepted values: | PFS24, PFSMM, ECP384, ECP256, PFS14, PFS2, None |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SADataSize
The VpnClient IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SALifeTime
The VpnClient IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None