Microsoft.Network vpnGateways template reference

Template format

To create a Microsoft.Network/vpnGateways resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/vpnGateways",
  "apiVersion": "2018-06-01",
  "location": "string",
  "tags": {},
  "properties": {
    "virtualHub": {
      "id": "string"
    },
    "connections": [
      {
        "id": "string",
        "location": "string",
        "tags": {},
        "properties": {
          "remoteVpnSite": {
            "id": "string"
          },
          "routingWeight": "integer",
          "connectionStatus": "string",
          "sharedKey": "string",
          "enableBgp": boolean,
          "ipsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ]
        }
      }
    ],
    "bgpSettings": {
      "asn": "integer",
      "bgpPeeringAddress": "string",
      "peerWeight": "integer"
    },
    "policies": {
      "allowBranchToBranchTraffic": boolean,
      "allowVnetToVnetTraffic": boolean
    }
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/vpnGateways object

Name Type Required Value
name string Yes
type enum Yes Microsoft.Network/vpnGateways
apiVersion enum Yes 2018-06-01
location string No Resource location.
tags object No Resource tags.
properties object Yes VpnGatewayProperties object
resources array No vpnConnections

VpnGatewayProperties object

Name Type Required Value
virtualHub object No The VirtualHub to which the gateway belongs - SubResource object
connections array No list of all vpn connections to the gateway. - VpnConnection object
bgpSettings object No Local network gateway's BGP speaker settings. - BgpSettings object
policies object No The policies applied to this vpn gateway. - Policies object

SubResource object

Name Type Required Value
id string No Resource ID.

VpnConnection object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object No VpnConnectionProperties object

BgpSettings object

Name Type Required Value
asn integer No The BGP speaker's ASN.
bgpPeeringAddress string No The BGP peering address and BGP identifier of this BGP speaker.
peerWeight integer No The weight added to routes learned from this BGP speaker.

Policies object

Name Type Required Value
allowBranchToBranchTraffic boolean No True if branch to branch traffic is allowed.
allowVnetToVnetTraffic boolean No True if Vnet to Vnet traffic is allowed.

VpnConnectionProperties object

Name Type Required Value
remoteVpnSite object No Id of the connected vpn site. - SubResource object
routingWeight integer No routing weight for vpn connection.
connectionStatus enum No The connection status. - Unknown, Connecting, Connected, NotConnected
sharedKey string No SharedKey for the vpn connection.
enableBgp boolean No EnableBgp flag
ipsecPolicies array No The IPSec Policies to be considered by this connection. - IpsecPolicy object

IpsecPolicy object

Name Type Required Value
saLifeTimeSeconds integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
saDataSizeKilobytes integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
ipsecEncryption enum Yes The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256
ipsecIntegrity enum Yes The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256
ikeEncryption enum Yes The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128
ikeIntegrity enum Yes The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128
dhGroup enum Yes The DH Groups used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24
pfsGroup enum Yes The Pfs Groups used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates Virtual wan resources

Deploy to Azure
This template allows you to create virtual wan resources including virtual wan, virtual hub, vpn gateway, vpnsite and a vpn connecton.