Microsoft.Network virtualNetworks/virtualNetworkPeerings template reference

Template format

To create a Microsoft.Network/virtualNetworks/virtualNetworkPeerings resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
  "apiVersion": "2018-06-01",
  "properties": {
    "allowVirtualNetworkAccess": boolean,
    "allowForwardedTraffic": boolean,
    "allowGatewayTransit": boolean,
    "useRemoteGateways": boolean,
    "remoteVirtualNetwork": {
      "id": "string"
    "remoteAddressSpace": {
      "addressPrefixes": [
    "peeringState": "string"

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/virtualNetworks/virtualNetworkPeerings object


In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes
type enum Yes For JSON - Microsoft.Network/virtualNetworks/virtualNetworkPeerings
apiVersion enum Yes For JSON - 2018-06-01
properties object Yes Properties of the virtual network peering. - VirtualNetworkPeeringPropertiesFormat object

VirtualNetworkPeeringPropertiesFormat object

Name Type Required Value
allowVirtualNetworkAccess boolean No Whether the VMs in the linked virtual network space would be able to access all the VMs in local Virtual network space.
allowForwardedTraffic boolean No Whether the forwarded traffic from the VMs in the remote virtual network will be allowed/disallowed.
allowGatewayTransit boolean No If gateway links can be used in remote virtual networking to link to this virtual network.
useRemoteGateways boolean No If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway.
remoteVirtualNetwork object No The reference of the remote virtual network. The remote virtual network can be in the same or different region (preview). See here to register for the preview and learn more ( - SubResource object
remoteAddressSpace object No The reference of the remote virtual network address space. - AddressSpace object
peeringState enum No The status of the virtual network peering. Possible values are 'Initiated', 'Connected', and 'Disconnected'. - Initiated, Connected, Disconnected

SubResource object

Name Type Required Value
id string No Resource ID.

AddressSpace object

Name Type Required Value
addressPrefixes array No A list of address blocks reserved for this virtual network in CIDR notation. - string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy a Hub and Spoke topology sandbox

Deploy to Azure
This template creates a basic hub-and-spoke topology setup. It creates a Hub VNet with subnets DMZ, Management, Shared and Gateway (optionally), with two Spoke VNets (development and production) containing a workload subnet each. It also deploys a Windows Jump-Host on the Management subnet of the HUB, and establishes VNet peerings between the Hub and the two spokes.
Deploy HBase replication with two VNets in one region

Deploy to Azure
This template allows you to configure aN HBase environment with two HBase clusters within two VNets in the same region for configuring HBase replication.
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Create an Azure Firewall sandbox with forced tunneling

Deploy to Azure
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET
Deploy a Bastion host in a hub Virtual Network

Deploy to Azure
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Peer two existing VNets within a single region

Deploy to Azure
This template allows you to connect two VNETs from the same or different resource groups in the same region using VNet Peering
Create a vNet to vNet connection using vNet Peering

Deploy to Azure
This template allows you to connect two vNets using vNet Peering