Microsoft.Network vpnGateways template reference
-
- 3 minutes to read
-
To create a Microsoft.Network/vpnGateways resource, add the following JSON to the resources section of your template.
{
"name": "string",
"type": "Microsoft.Network/vpnGateways",
"apiVersion": "2018-12-01",
"location": "string",
"tags": {},
"properties": {
"virtualHub": {
"id": "string"
},
"connections": [
{
"id": "string",
"properties": {
"remoteVpnSite": {
"id": "string"
},
"routingWeight": "integer",
"connectionStatus": "string",
"vpnConnectionProtocolType": "string",
"connectionBandwidth": "integer",
"sharedKey": "string",
"enableBgp": "boolean",
"ipsecPolicies": [
{
"saLifeTimeSeconds": "integer",
"saDataSizeKilobytes": "integer",
"ipsecEncryption": "string",
"ipsecIntegrity": "string",
"ikeEncryption": "string",
"ikeIntegrity": "string",
"dhGroup": "string",
"pfsGroup": "string"
}
],
"enableRateLimiting": "boolean",
"enableInternetSecurity": "boolean"
},
"name": "string"
}
],
"bgpSettings": {
"asn": "integer",
"bgpPeeringAddress": "string",
"peerWeight": "integer"
},
"vpnGatewayScaleUnit": "integer"
},
"resources": []
}
Property values
The following tables describe the values you need to set in the schema.
Microsoft.Network/vpnGateways object
| Name |
Type |
Required |
Value |
| name |
string |
Yes |
The name of the gateway. |
| type |
enum |
Yes |
Microsoft.Network/vpnGateways |
| apiVersion |
enum |
Yes |
2018-12-01 |
| location |
string |
No |
Resource location. |
| tags |
object |
No |
Resource tags. |
| properties |
object |
Yes |
VpnGatewayProperties object |
| resources |
array |
No |
vpnConnections |
VpnGatewayProperties object
| Name |
Type |
Required |
Value |
| virtualHub |
object |
No |
The VirtualHub to which the gateway belongs - SubResource object |
| connections |
array |
No |
List of all vpn connections to the gateway. - VpnConnection object |
| bgpSettings |
object |
No |
Local network gateway's BGP speaker settings. - BgpSettings object |
| vpnGatewayScaleUnit |
integer |
No |
The scale unit for this vpn gateway. |
SubResource object
| Name |
Type |
Required |
Value |
| id |
string |
No |
Resource ID. |
VpnConnection object
| Name |
Type |
Required |
Value |
| id |
string |
No |
Resource ID. |
| properties |
object |
No |
VpnConnectionProperties object |
| name |
string |
No |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
BgpSettings object
| Name |
Type |
Required |
Value |
| asn |
integer |
No |
The BGP speaker's ASN. |
| bgpPeeringAddress |
string |
No |
The BGP peering address and BGP identifier of this BGP speaker. |
| peerWeight |
integer |
No |
The weight added to routes learned from this BGP speaker. |
VpnConnectionProperties object
| Name |
Type |
Required |
Value |
| remoteVpnSite |
object |
No |
Id of the connected vpn site. - SubResource object |
| routingWeight |
integer |
No |
Routing weight for vpn connection. |
| connectionStatus |
enum |
No |
The connection status. - Unknown, Connecting, Connected, NotConnected |
| vpnConnectionProtocolType |
enum |
No |
Connection protocol used for this connection. - IKEv2 or IKEv1 |
| connectionBandwidth |
integer |
No |
Expected bandwidth in MBPS. |
| sharedKey |
string |
No |
SharedKey for the vpn connection. |
| enableBgp |
boolean |
No |
EnableBgp flag |
| ipsecPolicies |
array |
No |
The IPSec Policies to be considered by this connection. - IpsecPolicy object |
| enableRateLimiting |
boolean |
No |
EnableBgp flag |
| enableInternetSecurity |
boolean |
No |
Enable internet security |
IpsecPolicy object
| Name |
Type |
Required |
Value |
| saLifeTimeSeconds |
integer |
Yes |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. |
| saDataSizeKilobytes |
integer |
Yes |
The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. |
| ipsecEncryption |
enum |
Yes |
The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
| ipsecIntegrity |
enum |
Yes |
The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
| ikeEncryption |
enum |
Yes |
The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128 |
| ikeIntegrity |
enum |
Yes |
The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128 |
| dhGroup |
enum |
Yes |
The DH Groups used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24 |
| pfsGroup |
enum |
Yes |
The Pfs Groups used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template |
Description |
Creates Virtual wan resources
 |
This template allows you to create virtual wan resources including virtual wan, virtual hub, vpn gateway, vpnsite and a vpn connecton. |
