Create a VPN Gateway and add a Site-to-Site connection using PowerShell
This script creates a route-based VPN Gateway and adds Site-to-Site configuration. In order to create the connection, you also need to configure your VPN device. For more information, see About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.
```powershell
# Declare variables
$VNetName = "VNet1"
$RG = "TestRG1"
$Location = "East US"
$FESubName = "FrontEnd"
$BESubName = "BackEnd"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "10.1.0.0/16"
$FESubPrefix = "10.1.0.0/24"
$BESubPrefix = "10.1.1.0/24"
$GWSubPrefix = "10.1.255.0/27"
$VPNClientAddressPool = "192.168.0.0/24"
$GWName = "VNet1GW"
$GWIPName = "VNet1GWIP"
$GWIPconfName = "gwipconf"
$LNGName = "Site1"

# Create a resource group
New-AzResourceGroup -Name $RG -Location $Location

# Create a virtual network
$virtualNetwork = New-AzVirtualNetwork `
    -ResourceGroupName $RG `
    -Location $Location `
    -Name $VNetName `
    -AddressPrefix $VNetPrefix1

# Create a subnet configuration
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
    -Name $FESubName `
    -AddressPrefix $FESubPrefix `
    -VirtualNetwork $virtualNetwork

# Set the subnet configuration for the virtual network
$virtualNetwork | Set-AzVirtualNetwork

# Add a gateway subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName $RG -Name $VNetName
Add-AzVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix -VirtualNetwork $vnet

# Set the subnet configuration for the virtual network
$vnet | Set-AzVirtualNetwork

# Request a public IP address
$gwpip = New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location `
    -AllocationMethod Dynamic

# Create the gateway IP address configuration
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $GWSubName -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id

# Create the VPN gateway
New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG `
    -Location $Location -IpConfigurations $gwipconfig -GatewayType Vpn `
    -VpnType RouteBased -GatewaySku VpnGw1

# Create the local network gateway
New-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG `
    -Location $Location -GatewayIpAddress '23.99.221.164' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')

# Configure your on-premises VPN device

# Create the VPN connection
$gateway1 = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
$local = Get-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG
New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName $RG `
    -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 -RoutingWeight 10 -SharedKey 'abc123'
```
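The script passes the literal pre-shared key 'abc123' in its source, so anyone who can read the script can read the key, and the key itself is short enough to guess. The following is an added example, not part of the original script, that generates a random key and applies it to the connection. The function name `New-VpnSharedKey`, the 64-character length and the alphanumeric alphabet are assumptions, and `$RG`, `$Location`, `$GWName` and `$LNGName` are expected to be set as in the script.

```powershell
# Added example: generate a random pre-shared key instead of hard-coding one.
function New-VpnSharedKey {
    param(
        [ValidateRange(32, 128)]
        [int]$Length = 64            # assumed length, not a value from the page
    )
    # Alphanumeric alphabet (assumption) to avoid characters that some
    # on-premises VPN devices handle inconsistently.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()
    # Rejection sampling: discard bytes >= 248 so every symbol is equally likely.
    $limit  = 256 - (256 % $alphabet.Length)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $sb     = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

$sharedKey = New-VpnSharedKey -Length 64
$connName  = 'VNet1toSite1'

$existing = Get-AzVirtualNetworkGatewayConnection -Name $connName `
    -ResourceGroupName $RG -ErrorAction SilentlyContinue

if ($existing) {
    # The connection was already created with the sample key: replace the key.
    Set-AzVirtualNetworkGatewayConnectionSharedKey -Name $connName `
        -ResourceGroupName $RG -Value $sharedKey
}
else {
    $gateway1 = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
    $local    = Get-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG
    New-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $RG `
        -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
        -ConnectionType IPsec -ConnectionProtocol IKEv2 -RoutingWeight 10 -SharedKey $sharedKey
}
```

The tunnel only comes up once the same key is configured on the on-premises VPN device, so hand `$sharedKey` to that device's administrator over a protected channel rather than writing it to the console or a log.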
Clean up resources
When you no longer need the resources you created, use the Remove-AzResourceGroup command to delete the resource group. This will delete the resource group and all of the resources it contains.
```powershell
Remove-AzResourceGroup -Name TestRG1
```
Script explanation
This script uses the following commands to create the deployment. Each item in the table links to command-specific documentation.
| Command | Notes |
|---|---|
| Add-AzVirtualNetworkSubnetConfig | Adds a subnet configuration. This configuration is used with the virtual network creation process. |
| Get-AzVirtualNetwork | Gets virtual network details. |
| Get-AzVirtualNetworkGateway | Gets virtual network gateway details. |
| Get-AzLocalNetworkGateway | Gets local network gateway details. |
| Get-AzVirtualNetworkSubnetConfig | Gets the virtual network subnet configuration details. |
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzVirtualNetworkSubnetConfig | Creates a subnet configuration. This configuration is used with the virtual network creation process. |
| New-AzVirtualNetwork | Creates a virtual network. |
| New-AzPublicIpAddress | Creates a public IP address. |
| New-AzVirtualNetworkGatewayIpConfig | Creates a new gateway IP configuration. |
| New-AzVirtualNetworkGateway | Creates a VPN gateway. |
| New-AzLocalNetworkGateway | Creates a local network gateway. |
| New-AzVirtualNetworkGatewayConnection | Creates a site-to-site connection. |
| Remove-AzResourceGroup | Removes a resource group and all resources contained within. |
| Set-AzVirtualNetwork | Sets the subnet configuration for the virtual network. |
| Set-AzVirtualNetworkGateway | Sets the configuration for the VPN gateway. |
Next steps
For more information on the Azure PowerShell module, see Azure PowerShell documentation.