New-AzVpnClientIpsecParameter

Reference

Module:: Az.Network

This command allows the users to create the Vpn ipsec parameters object specifying one or all values such as IpsecEncryption,IpsecIntegrity,IkeEncryption,IkeIntegrity,DhGroup,PfsGroup to set on the existing VPN gateway.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

New-AzVpnClientIpsecParameter
   [-SALifeTime <Int32>]
   [-SADataSize <Int32>]
   [-IpsecEncryption <String>]
   [-IpsecIntegrity <String>]
   [-IkeEncryption <String>]
   [-IkeIntegrity <String>]
   [-DhGroup <String>]
   [-PfsGroup <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

Examples

Example 1

PS C:\> $vpnclientipsecparams1 = New-AzVpnClientIpsecParameter -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86473 -SADataSize 429498 -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup2 -PfsGroup PFS2
PS C:\> $setvpnIpsecParams = Set-AzVpnClientIpsecParameter -VirtualNetworkGatewayName $rname -ResourceGroupName $rgname -VpnClientIPsecParameter $vpnclientipsecparams1

New-AzVpnClientIpsecParameter cmdlet is used to create the vpn ipsec parameters object of using the passed one or all parameters' values which user can set for any existing Virtual network gateway in ResourceGroup. This created VpnClientIPsecParameters object is passed to Set-AzVpnClientIpsecParameter command to set the specified Vpn ipsec custom policy on Virtual network gateway as shown in above example. This command returns object of VpnClientIPsecParameters which shows set parameters.

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DhGroup

The VpnClient DH Groups used in IKE Phase 1 for initial SA.

Type:	String
Accepted values:	DHGroup24, ECP384, ECP256, DHGroup14, DHGroup2
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IkeEncryption

The VpnClient IKE encryption algorithm (IKE Phase 2)

Type:	String
Accepted values:	GCMAES256, GCMAES128, AES256, AES128
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IkeIntegrity

The VpnClient IKE integrity algorithm (IKE Phase 2)

Type:	String
Accepted values:	SHA384, SHA256
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IpsecEncryption

The VpnClient IPSec encryption algorithm (IKE Phase 1)

Type:	String
Accepted values:	GCMAES256, GCMAES128, AES256, AES128
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-IpsecIntegrity

The VpnClient IPSec integrity algorithm (IKE Phase 1)

Type:	String
Accepted values:	GCMAES256, GCMAES128, SHA256
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PfsGroup

The VpnClient PFS Groups used in IKE Phase 2 for new child SA

Type:	String
Accepted values:	PFS24, PFSMM, ECP384, ECP256, PFS14, PFS2, None
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SADataSize

The VpnClient IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SALifeTime

The VpnClient IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

None

Outputs

PSVpnClientIPsecParameters