Configure a virtual network gateway for ExpressRoute using PowerShell (classic)
This article will walk you through the steps to add, resize, and remove a virtual network (VNet) gateway for a pre-existing VNet. The steps for this configuration are specifically for VNets that were created using the classic deployment model and that will be used in an ExpressRoute configuration.
As of March 1, 2017, you can't create new ExpressRoute circuits in the classic deployment model.
- You can move an existing ExpressRoute circuit from the classic deployment model to the Resource Manager deployment model without experiencing any connectivity down time. For more information, see Move an existing circuit.
- You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to TRUE.
Use the following links to create and manage ExpressRoute circuits in the Resource Manager deployment model:
About Azure deployment models
Azure currently works with two deployment models: Resource Manager and classic. The two models are not completely compatible with each other. Before you begin, you need to know which model that you want to work in. For information about the deployment models, see Understanding deployment models. If you are new to Azure, we recommend that you use the Resource Manager deployment model.
Verify that you have installed the Azure PowerShell cmdlets needed for this configuration (1.0.2 or later). If you haven't installed the cmdlets, you'll need to do so before beginning the configuration steps. For more information about installing Azure PowerShell, see How to install and configure Azure PowerShell.
These examples do not apply to S2S/ExpressRoute coexist configurations. For more information about working with gateways in a coexist configuration, see Configure coexisting connections.
Add a gateway
When you add a gateway to a virtual network using the classic resource model, you modify the network configuration file directly before creating the gateway. The values in the examples below must be present in the file to create a gateway. If your virtual network previously had a gateway associated to it, some of these values will already be present. Modify the file to reflect the values below.
Download the network configuration file
Download the network configuration file using the steps in network configuration file article. Open the file using a text editor.
Add a local network site to the file. You can use any valid address prefix. You can add any valid IP address for the VPN gateway. The address values in this section are not used for ExpressRoute operations, but are required for file validation. In the example, "branch1" is the name of the site. You may use a different name, but be sure to use the same value in the Gateway section of the file.
<VirtualNetworkConfiguration> <Dns /> <LocalNetworkSites> <LocalNetworkSite name="branch1"> <AddressSpace> <AddressPrefix>220.127.116.11/27</AddressPrefix> </AddressSpace> <VPNGatewayAddress>18.104.22.168</VPNGatewayAddress> </LocalNetworkSite>
Navigate to the VirtualNetworkSites and modify the fields.
- Verify that the Gateway Subnet exists for your virtual network. If it does not, you can add one at this time. The name must be "GatewaySubnet".
- Verify the Gateway section of the file exists. If it doesn't, add it. This is required to associate the virtual network with the local network site (which represents the network to which you are connecting).
- Verify that the connection type = Dedicated. This is required for ExpressRoute connections.
</LocalNetworkSites> <VirtualNetworkSites> <VirtualNetworkSite name="myAzureVNET" Location="East US"> <AddressSpace> <AddressPrefix>10.0.0.0/16</AddressPrefix> </AddressSpace> <Subnets> <Subnet name="default"> <AddressPrefix>10.0.0.0/24</AddressPrefix> </Subnet> <Subnet name="GatewaySubnet"> <AddressPrefix>10.0.1.0/27</AddressPrefix> </Subnet> </Subnets> <Gateway> <ConnectionsToLocalNetwork> <LocalNetworkSiteRef name="branch1"> <Connection type="Dedicated" /> </LocalNetworkSiteRef> </ConnectionsToLocalNetwork> </Gateway> </VirtualNetworkSite> </VirtualNetworkSites> </VirtualNetworkConfiguration> </NetworkConfiguration>
Save the file and upload it to Azure.
Create the gateway
Use the command below to create a gateway. Substitute any values for your own.
New-AzureVNetGateway -VNetName "MyAzureVNET" -GatewayType DynamicRouting -GatewaySKU Standard
Verify the gateway was created
Use the command below to verify that the gateway has been created. This command also retrieves the gateway ID, which you need for other operations.
Resize a gateway
There are a number of Gateway SKUs. You can use the following command to change the Gateway SKU at any time.
This command doesn't work for UltraPerformance gateway. To change your gateway to an UltraPerformance gateway, first remove the existing ExpressRoute gateway, and then create a new UltraPerformance gateway. To downgrade your gateway from an UltraPerformance gateway, first remove the UltraPerformance gateway, and then create a new gateway.
Resize-AzureVNetGateway -GatewayId <Gateway ID> -GatewaySKU HighPerformance
Remove a gateway
Use the command below to remove a gateway
Remove-AzureVnetGateway -GatewayId <Gateway ID>
After you have created the VNet gateway, you can link your VNet to an ExpressRoute circuit. See Link a Virtual Network to an ExpressRoute circuit.