Microsoft.Network vpnGateways/vpnConnections template reference

Template format

To create a Microsoft.Network/vpnGateways/vpnConnections resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/vpnGateways/vpnConnections",
  "apiVersion": "2019-04-01",
  "properties": {
    "remoteVpnSite": {
      "id": "string"
    },
    "routingWeight": "integer",
    "connectionStatus": "string",
    "vpnConnectionProtocolType": "string",
    "connectionBandwidth": "integer",
    "sharedKey": "string",
    "enableBgp": "boolean",
    "usePolicyBasedTrafficSelectors": "boolean",
    "ipsecPolicies": [
      {
        "saLifeTimeSeconds": "integer",
        "saDataSizeKilobytes": "integer",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "dhGroup": "string",
        "pfsGroup": "string"
      }
    ],
    "enableRateLimiting": "boolean",
    "enableInternetSecurity": "boolean",
    "useLocalAzureIpAddress": "boolean"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/vpnGateways/vpnConnections object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the connection. |
| type | enum | Yes | vpnConnections -or- Microsoft.Network/vpnGateways/vpnConnections. See Set name and type for child resources. |
| apiVersion | enum | Yes | 2019-04-01 |
| properties | object | Yes | Properties of the VPN connection. - VpnConnectionProperties object |

VpnConnectionProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| remoteVpnSite | object | No | Id of the connected vpn site. - SubResource object |
| routingWeight | integer | No | Routing weight for vpn connection. |
| connectionStatus | enum | No | The connection status. - Unknown, Connecting, Connected, NotConnected |
| vpnConnectionProtocolType | enum | No | Connection protocol used for this connection. - IKEv2 or IKEv1 |
| connectionBandwidth | integer | No | Expected bandwidth in MBPS. |
| sharedKey | string | No | SharedKey for the vpn connection. |
| enableBgp | boolean | No | EnableBgp flag. |
| usePolicyBasedTrafficSelectors | boolean | No | Enable policy-based traffic selectors. |
| ipsecPolicies | array | No | The IPSec Policies to be considered by this connection. - IpsecPolicy object |
| enableRateLimiting | boolean | No | EnableBgp flag. |
| enableInternetSecurity | boolean | No | Enable internet security. |
| useLocalAzureIpAddress | boolean | No | Use local azure ip to initiate connection. |

SubResource object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |

IpsecPolicy object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| saLifeTimeSeconds | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. |
| saDataSizeKilobytes | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. |
| ipsecEncryption | enum | Yes | The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
| ipsecIntegrity | enum | Yes | The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
| ikeEncryption | enum | Yes | The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128 |
| ikeIntegrity | enum | Yes | The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128 |
| dhGroup | enum | Yes | The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24 |
| pfsGroup | enum | Yes | The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM |
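
An added example, not part of the original reference: a Python check that walks an ARM template for vpnConnections resources (child or fully qualified type) and reports a literal sharedKey, IKEv1, and ipsecPolicies values from the enums above that this example treats as weak. The WEAK policy, the sample template (trimmed to the audited fields) and names such as gw1 and branchBKey are assumptions of the example.

```python
import json
import re

# Assumed policy for this example: enum values from the page treated as weak.
WEAK = {
    "ipsecEncryption": {"None", "DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"},
    "ikeEncryption": {"DES", "DES3"},
    "ikeIntegrity": {"MD5", "SHA1"},
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}
TYPES = {"vpnConnections", "Microsoft.Network/vpnGateways/vpnConnections"}
EXPR = re.compile(r"\[(?!\[).*\]")  # "[...]" is a template expression; "[[..." is an escaped literal

def walk(resources):
    """Yield every resource, including children nested under a parent."""
    for res in resources:
        yield res
        yield from walk(res.get("resources", []))

def audit(template):
    """Return (connection name, finding) pairs for vpnConnections resources."""
    findings = []
    for res in walk(template.get("resources", [])):
        if res.get("type") not in TYPES:
            continue
        name, props = res.get("name", "?"), res.get("properties", {})
        key = props.get("sharedKey")
        if isinstance(key, str) and not EXPR.fullmatch(key):
            findings.append((name, "sharedKey is a literal in the template"))
        if props.get("vpnConnectionProtocolType") == "IKEv1":
            findings.append((name, "vpnConnectionProtocolType=IKEv1"))
        for i, policy in enumerate(props.get("ipsecPolicies", [])):
            for field, weak in WEAK.items():
                if policy.get(field) in weak:
                    findings.append((name, f"ipsecPolicies[{i}].{field}={policy[field]}"))
    return findings

# Constructed sample template (not from the page), trimmed to the audited fields.
SAMPLE = json.loads("""{"resources": [{"type": "Microsoft.Network/vpnGateways", "name": "gw1", "resources": [
  {"type": "vpnConnections", "name": "branch-a", "properties": {
   "sharedKey": "CONSTRUCTED-PSK", "vpnConnectionProtocolType": "IKEv1",
   "ipsecPolicies": [{"ipsecEncryption": "DES3", "ipsecIntegrity": "SHA1", "ikeEncryption": "AES256",
    "ikeIntegrity": "SHA256", "dhGroup": "DHGroup2", "pfsGroup": "None"}]}}]},
 {"type": "Microsoft.Network/vpnGateways/vpnConnections", "name": "gw1/branch-b", "properties": {
   "sharedKey": "[parameters('branchBKey')]", "vpnConnectionProtocolType": "IKEv2",
   "ipsecPolicies": [{"ipsecEncryption": "GCMAES256", "ipsecIntegrity": "GCMAES256", "ikeEncryption": "AES256",
    "ikeIntegrity": "SHA384", "dhGroup": "ECP384", "pfsGroup": "ECP384"}]}}]}""")
```

Calling audit(SAMPLE) returns findings only for branch-a; branch-b, which takes its key from a template parameter and uses the stronger enum values, produces none.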