Update-AzVpnConnection
Updates a VPN connection.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
Update-AzVpnConnection
-ResourceGroupName <String>
-ParentResourceName <String>
-Name <String>
[-SharedKey <SecureString>]
[-ConnectionBandwidthInMbps <UInt32>]
[-IpSecPolicy <PSIpsecPolicy>]
[-TrafficSelectorPolicy <PSTrafficSelectorPolicy[]>]
[-EnableBgp <Boolean>]
[-UseLocalAzureIpAddress <Boolean>]
[-UsePolicyBasedTrafficSelectors <Boolean>]
[-VpnSiteLinkConnection <PSVpnSiteLinkConnection[]>]
[-EnableInternetSecurity <Boolean>]
[-RoutingConfiguration <PSRoutingConfiguration>]
[-VpnLinkConnectionMode <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzVpnConnection
-ResourceId <String>
[-SharedKey <SecureString>]
[-ConnectionBandwidthInMbps <UInt32>]
[-IpSecPolicy <PSIpsecPolicy>]
[-TrafficSelectorPolicy <PSTrafficSelectorPolicy[]>]
[-EnableBgp <Boolean>]
[-UseLocalAzureIpAddress <Boolean>]
[-UsePolicyBasedTrafficSelectors <Boolean>]
[-VpnSiteLinkConnection <PSVpnSiteLinkConnection[]>]
[-EnableInternetSecurity <Boolean>]
[-RoutingConfiguration <PSRoutingConfiguration>]
[-VpnLinkConnectionMode <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzVpnConnection
-InputObject <PSVpnConnection>
[-SharedKey <SecureString>]
[-ConnectionBandwidthInMbps <UInt32>]
[-IpSecPolicy <PSIpsecPolicy>]
[-TrafficSelectorPolicy <PSTrafficSelectorPolicy[]>]
[-EnableBgp <Boolean>]
[-UseLocalAzureIpAddress <Boolean>]
[-UsePolicyBasedTrafficSelectors <Boolean>]
[-VpnSiteLinkConnection <PSVpnSiteLinkConnection[]>]
[-EnableInternetSecurity <Boolean>]
[-RoutingConfiguration <PSRoutingConfiguration>]
[-VpnLinkConnectionMode <String>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Update-AzVpnConnection cmdlet updates a VPN connection.
VPN connection creates an IPsec connection that connects a VPN gateway to a remote customer branch represented in Azure as a VPN site.
Examples
Example 1
PS C:\> New-AzResourceGroup -Location "West US" -Name "testRG"
PS C:\> $virtualWan = New-AzVirtualWan -ResourceGroupName testRG -Name myVirtualWAN -Location "West US"
PS C:\> $virtualHub = New-AzVirtualHub -VirtualWan $virtualWan -ResourceGroupName "testRG" -Name "westushub" -AddressPrefix "10.0.0.1/24"
PS C:\> New-AzVpnGateway -ResourceGroupName "testRG" -Name "testvpngw" -VirtualHubId $virtualHub.Id -BGPPeeringWeight 10 -VpnGatewayScaleUnit 2
PS C:\> $vpnGateway = Get-AzVpnGateway -ResourceGroupName "testRG" -Name "testvpngw"
PS C:\> $vpnSiteAddressSpaces = New-Object string[] 2
PS C:\> $vpnSiteAddressSpaces[0] = "192.168.2.0/24"
PS C:\> $vpnSiteAddressSpaces[1] = "192.168.3.0/24"
PS C:\> $vpnSite = New-AzVpnSite -ResourceGroupName "testRG" -Name "testVpnSite" -Location "West US" -VirtualWan $virtualWan -IpAddress "1.2.3.4" -AddressSpace $vpnSiteAddressSpaces -DeviceModel "SomeDevice" -DeviceVendor "SomeDeviceVendor" -LinkSpeedInMbps "10"
PS C:\> $vpnConnection = New-AzVpnConnection -ResourceGroupName $vpnGateway.ResourceGroupName -ParentResourceName $vpnGateway.Name -Name "testConnection" -VpnSite $vpnSite
PS C:\> $ipsecPolicy = New-AzIpsecPolicy -SALifeTimeSeconds 1000 -SADataSizeKilobytes 2000 -IpsecEncryption "GCMAES256" -IpsecIntegrity "GCMAES256" -IkeEncryption "AES256" -IkeIntegrity "SHA256" -DhGroup "DHGroup14" -PfsGroup "PFS2048"
PS C:\> Update-AzVpnConnection -InputObject $vpnConnection -IpSecPolicy $ipsecPolicy
RemoteVpnSite : Microsoft.Azure.Commands.Network.Models.PSResourceId
SharedKey :
VpnConnectionProtocolType : IKEv2
ConnectionStatus :
EgressBytesTransferred : 0
IngressBytesTransferred : 0
IpsecPolicies : {Microsoft.Azure.Commands.Network.Models.PSIpsecPolicy}
ConnectionBandwidth : 20
EnableBgp : False
UseLocalAzureIpAddress : False
ProvisioningState : testConnection
Name : ps9709
Etag : W/"4580a2e2-2fab-4cff-88eb-92013a76b5a8"
Id : /subscriptions/{subscriptionId}/resourceGroups/ps9361/providers/Microsoft.Network/vpnGateways/testvpngw/vpnConnections/testConnection
RoutingConfiguration : {
"AssociatedRouteTable": {
"Id": "/subscriptions/{subscriptionId}/resourceGroups/testRg/providers/Microsoft.Network/virtualHubs/westushub/hubRouteTables/defaultRouteTable"
}
"PropagatedRouteTables": {
"Labels": [],
"Ids": [
{
"Id": "/subscriptions/{subscriptionId}/resourceGroups/testRg/providers/Microsoft.Network/virtualHubs/westushub/hubRouteTables/defaultRouteTable"
}
]
},
"VnetRoutes": {
"StaticRoutes": []
}
}The above will create a resource group, Virtual WAN, Virtual Network, Virtual Hub and a VpnSite in West US in "testRG" resource group in Azure. A VPN gateway will be created thereafter in the Virtual Hub with 2 scale units.
Once the gateway has been created, it is connected to the VpnSite using the New-AzVpnConnection command.
The connection is then updated to have a new IpSecPolicy by using the Set-AzVpnConnection command.
Example 2
PS C:\> New-AzResourceGroup -Location "West US" -Name "testRG"
PS C:\> $virtualWan = New-AzVirtualWan -ResourceGroupName testRG -Name myVirtualWAN -Location "West US"
PS C:\> $virtualHub = New-AzVirtualHub -VirtualWan $virtualWan -ResourceGroupName "testRG" -Name "westushub" -AddressPrefix "10.0.0.1/24"
PS C:\> New-AzVpnGateway -ResourceGroupName "testRG" -Name "testvpngw" -VirtualHubId $virtualHub.Id -BGPPeeringWeight 10 -VpnGatewayScaleUnit 2
PS C:\> $vpnGateway = Get-AzVpnGateway -ResourceGroupName "testRG" -Name "testvpngw"
PS C:\> $vpnSiteAddressSpaces = New-Object string[] 2
PS C:\> $vpnSiteAddressSpaces[0] = "192.168.2.0/24"
PS C:\> $vpnSiteAddressSpaces[1] = "192.168.3.0/24"
PS C:\> $vpnSite = New-AzVpnSite -ResourceGroupName "testRG" -Name "testVpnSite" -Location "West US" -VirtualWan $virtualWan -IpAddress "1.2.3.4" -AddressSpace $vpnSiteAddressSpaces -DeviceModel "SomeDevice" -DeviceVendor "SomeDeviceVendor" -LinkSpeedInMbps "10"
PS C:\> $vpnConnection = New-AzVpnConnection -ResourceGroupName $vpnGateway.ResourceGroupName -ParentResourceName $vpnGateway.Name -Name "testConnection" -VpnSite $vpnSite
PS C:\> $Secure_String_Pwd = Read-Host -AsSecureString
PS C:\> Update-AzVpnConnection -InputObject $vpnConnection -SharedKey $Secure_String_Pwd
RemoteVpnSite : Microsoft.Azure.Commands.Network.Models.PSResourceId
SharedKey :
VpnConnectionProtocolType : IKEv2
ConnectionStatus :
EgressBytesTransferred : 0
IngressBytesTransferred : 0
IpsecPolicies : {Microsoft.Azure.Commands.Network.Models.PSIpsecPolicy}
ConnectionBandwidth : 20
EnableBgp : False
UseLocalAzureIpAddress : False
ProvisioningState : testConnection
Name : ps9709
Etag : W/"4580a2e2-2fab-4cff-88eb-92013a76b5a8"
Id : /subscriptions/{subscriptionId}/resourceGroups/ps9361/providers/Microsoft.Network/vpnGateways/testvpngw/vpnConnections/testConnection
RoutingConfiguration : {
"AssociatedRouteTable": {
"Id": "/subscriptions/{subscriptionId}/resourceGroups/testRg/providers/Microsoft.Network/virtualHubs/westushub/hubRouteTables/defaultRouteTable"
}
"PropagatedRouteTables": {
"Labels": [],
"Ids": [
{
"Id": "/subscriptions/{subscriptionId}/resourceGroups/testRg/providers/Microsoft.Network/virtualHubs/westushub/hubRouteTables/defaultRouteTable"
}
]
},
"VnetRoutes": {
"StaticRoutes": []
}
}The above will create a resource group, Virtual WAN, Virtual Network, Virtual Hub and a VpnSite in West US in "testRG" resource group in Azure. A VPN gateway will be created thereafter in the Virtual Hub with 2 scale units.
Once the gateway has been created, it is connected to the VpnSite using the New-AzVpnConnection command.
The connection is then updated to have a new shared key using the secure string construct.
Parameters
-AsJob
Run cmdlet in the background
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ConnectionBandwidthInMbps
The bandwidth that needs to be handled by this connection in mbps.
| Type: | UInt32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableBgp
Enable BGP for this connection
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnableInternetSecurity
Enable internet security for this connection
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
The VpnConnection object to update.
| Type: | PSVpnConnection |
| Aliases: | VpnConnection |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IpSecPolicy
The bandwidth that needs to be handled by this connection in mbps.
| Type: | PSIpsecPolicy |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
The resource name.
| Type: | String |
| Aliases: | ResourceName, VpnConnectionName |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ParentResourceName
The parent resource name.
| Type: | String |
| Aliases: | ParentVpnGatewayName, VpnGatewayName |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
The resource group name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceId
The resource id of the VpnConnection object to delete.
| Type: | String |
| Aliases: | VpnConnectionId |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RoutingConfiguration
Routing configuration for this connection
| Type: | PSRoutingConfiguration |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SharedKey
The shared key required to set this connection up.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TrafficSelectorPolicy
A list of Traffic Selector policies.
| Type: | PSTrafficSelectorPolicy[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseLocalAzureIpAddress
Use local azure ip address as source address while initiating connection.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UsePolicyBasedTrafficSelectors
Use policy based traffic selectors for this connection.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VpnLinkConnectionMode
The connection mode for all VpnSiteLinkConnections in this VpnConnection
| Type: | String |
| Position: | Named |
| Default value: | Default |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VpnSiteLinkConnection
The list of VpnSiteLinkConnections that this VpnConnection needs to have.
| Type: | PSVpnSiteLinkConnection[] |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |