Microsoft.Network connections template reference
07/14/2020
To create a Microsoft.Network/connections resource, add the following JSON to the resources section of your template.
```json
{
  "name": "string",
  "type": "Microsoft.Network/connections",
  "apiVersion": "2019-06-01",
  "location": "string",
  "tags": {},
  "properties": {
    "authorizationKey": "string",
    "virtualNetworkGateway1": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "id": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "subnet": {
                "id": "string"
              },
              "publicIPAddress": {
                "id": "string"
              }
            },
            "name": "string"
          }
        ],
        "gatewayType": "string",
        "vpnType": "string",
        "enableBgp": "boolean",
        "activeActive": "boolean",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "sku": {
          "name": "string",
          "tier": "string",
          "capacity": "integer"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [
              "string"
            ]
          },
          "vpnClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientRevokedCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientProtocols": [
            "string"
          ],
          "vpnClientIpsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string",
          "aadTenant": "string",
          "aadAudience": "string",
          "aadIssuer": "string"
        },
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer"
        },
        "customRoutes": {
          "addressPrefixes": [
            "string"
          ]
        },
        "resourceGuid": "string"
      }
    },
    "virtualNetworkGateway2": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "id": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "subnet": {
                "id": "string"
              },
              "publicIPAddress": {
                "id": "string"
              }
            },
            "name": "string"
          }
        ],
        "gatewayType": "string",
        "vpnType": "string",
        "enableBgp": "boolean",
        "activeActive": "boolean",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "sku": {
          "name": "string",
          "tier": "string",
          "capacity": "integer"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [
              "string"
            ]
          },
          "vpnClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientRevokedCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientProtocols": [
            "string"
          ],
          "vpnClientIpsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string",
          "aadTenant": "string",
          "aadAudience": "string",
          "aadIssuer": "string"
        },
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer"
        },
        "customRoutes": {
          "addressPrefixes": [
            "string"
          ]
        },
        "resourceGuid": "string"
      }
    },
    "localNetworkGateway2": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "localNetworkAddressSpace": {
          "addressPrefixes": [
            "string"
          ]
        },
        "gatewayIpAddress": "string",
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer"
        },
        "resourceGuid": "string"
      }
    },
    "connectionType": "string",
    "connectionProtocol": "string",
    "routingWeight": "integer",
    "sharedKey": "string",
    "peer": {
      "id": "string"
    },
    "enableBgp": "boolean",
    "usePolicyBasedTrafficSelectors": "boolean",
    "ipsecPolicies": [
      {
        "saLifeTimeSeconds": "integer",
        "saDataSizeKilobytes": "integer",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "dhGroup": "string",
        "pfsGroup": "string"
      }
    ],
    "resourceGuid": "string",
    "expressRouteGatewayBypass": "boolean"
  }
}
```
Property values
The following tables describe the values you need to set in the schema.
Microsoft.Network/connections object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the express route circuit connection. |
| type | enum | Yes | Microsoft.Network/connections |
| apiVersion | enum | Yes | 2019-06-01 |
| location | string | Yes | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the virtual network gateway connection. - VirtualNetworkGatewayConnectionPropertiesFormat object |

VirtualNetworkGatewayConnectionPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| authorizationKey | string | No | The authorizationKey. |
| virtualNetworkGateway1 | object | Yes | The reference to virtual network gateway resource. - VirtualNetworkGatewayModel object |
| virtualNetworkGateway2 | object | No | The reference to virtual network gateway resource. - VirtualNetworkGatewayModel object |
| localNetworkGateway2 | object | No | The reference to local network gateway resource. - LocalNetworkGateway object |
| connectionType | enum | Yes | Gateway connection type. - IPsec, Vnet2Vnet, ExpressRoute, VPNClient |
| connectionProtocol | enum | No | Connection protocol used for this connection. - IKEv2 or IKEv1 |
| routingWeight | integer | No | The routing weight. |
| sharedKey | string | No | The IPSec shared key. |
| peer | object | No | The reference to peerings resource. - SubResource object |
| enableBgp | boolean | No | EnableBgp flag. |
| usePolicyBasedTrafficSelectors | boolean | No | Enable policy-based traffic selectors. |
| ipsecPolicies | array | No | The IPSec Policies to be considered by this connection. - IpsecPolicy object |
| resourceGuid | string | No | The resource GUID property of the VirtualNetworkGatewayConnection resource. |
| expressRouteGatewayBypass | boolean | No | Bypass ExpressRoute Gateway for data forwarding. |

VirtualNetworkGatewayModel object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| location | string | No | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the virtual network gateway. - VirtualNetworkGatewayPropertiesFormat object |

LocalNetworkGateway object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| location | string | No | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the local network gateway. - LocalNetworkGatewayPropertiesFormat object |

SubResource object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |

IpsecPolicy object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| saLifeTimeSeconds | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. |
| saDataSizeKilobytes | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. |
| ipsecEncryption | enum | Yes | The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
| ipsecIntegrity | enum | Yes | The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
| ikeEncryption | enum | Yes | The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128 |
| ikeIntegrity | enum | Yes | The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128 |
| dhGroup | enum | Yes | The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24 |
| pfsGroup | enum | Yes | The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM |

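The IpsecPolicy enums accept legacy algorithms next to current ones, and `sharedKey`, `authorizationKey` and `radiusServerSecret` are plain strings in the schema. The following is an added example, not Microsoft's code: a pre-deployment check over the `properties` of a connection resource that reports weak algorithm choices and secrets written as literals instead of template expressions such as `[parameters('sharedKey')]`. The function names, the `WEAK` policy and the sample values are assumptions of this example.

```python
# Assumed policy for this example (not defined by the page): IpsecPolicy enum
# values treated as too weak for a new tunnel, and the secret-bearing fields.
WEAK = {
    "ipsecEncryption": {"None", "DES", "DES3"}, "ikeEncryption": {"DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"}, "ikeIntegrity": {"MD5", "SHA1"},
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}
SECRET_FIELDS = {"sharedKey", "authorizationKey", "radiusServerSecret"}


def is_template_expression(value):
    """True for ARM expressions like "[parameters('x')]"; "[[" escapes a literal."""
    return value.startswith("[") and value.endswith("]") and not value.startswith("[[")


def lint(node, path="properties"):
    """Walk a connection's properties tree and return (path, problem) findings."""
    findings = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            findings += lint(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            literal = isinstance(value, str) and not is_template_expression(value)
            if key in SECRET_FIELDS and literal:
                findings.append((here, "secret written as a literal"))
            elif isinstance(value, str) and value in WEAK.get(key, ()):
                findings.append((here, f"weak value {value}"))
            elif key == "connectionProtocol" and value == "IKEv1":
                findings.append((here, "IKEv1 selected"))
            else:
                findings += lint(value, here)  # descend into nested objects
    return findings


# Constructed sample "properties" object (not from the page); values are made up.
SAMPLE_PROPERTIES = {
    "connectionType": "IPsec", "connectionProtocol": "IKEv1",
    "sharedKey": "constructed-example-key",
    "ipsecPolicies": [{
        "saLifeTimeSeconds": 27000, "saDataSizeKilobytes": 102400000,
        "ipsecEncryption": "DES3", "ipsecIntegrity": "SHA256",
        "ikeEncryption": "AES256", "ikeIntegrity": "SHA1",
        "dhGroup": "DHGroup2", "pfsGroup": "PFS24",
    }],
}

print(*(f"{p}: {m}" for p, m in lint(SAMPLE_PROPERTIES)), sep="\n")
```

Because the walk is recursive, the same check also covers `vpnClientIpsecPolicies` and `radiusServerSecret` nested under `virtualNetworkGateway1` and `virtualNetworkGateway2`.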
VirtualNetworkGatewayPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| ipConfigurations | array | No | IP configurations for virtual network gateway. - VirtualNetworkGatewayIPConfiguration object |
| gatewayType | enum | No | The type of this virtual network gateway. - Vpn or ExpressRoute |
| vpnType | enum | No | The type of this virtual network gateway. - PolicyBased or RouteBased |
| enableBgp | boolean | No | Whether BGP is enabled for this virtual network gateway or not. |
| activeActive | boolean | No | ActiveActive flag. |
| gatewayDefaultSite | object | No | The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. - SubResource object |
| sku | object | No | The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. - VirtualNetworkGatewaySku object |
| vpnClientConfiguration | object | No | The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations. - VpnClientConfiguration object |
| bgpSettings | object | No | Virtual network gateway's BGP speaker settings. - BgpSettings object |
| customRoutes | object | No | The reference of the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. - AddressSpace object |
| resourceGuid | string | No | The resource GUID property of the VirtualNetworkGateway resource. |

LocalNetworkGatewayPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| localNetworkAddressSpace | object | No | Local network site address space. - AddressSpace object |
| gatewayIpAddress | string | No | IP address of local network gateway. |
| bgpSettings | object | No | Local network gateway's BGP speaker settings. - BgpSettings object |
| resourceGuid | string | No | The resource GUID property of the LocalNetworkGateway resource. |

VirtualNetworkGatewayIPConfiguration object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | No | Properties of the virtual network gateway ip configuration. - VirtualNetworkGatewayIPConfigurationPropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

VirtualNetworkGatewaySku object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | enum | No | Gateway SKU name. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ |
| tier | enum | No | Gateway SKU tier. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ |
| capacity | integer | No | The capacity. |

VpnClientConfiguration object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| vpnClientAddressPool | object | No | The reference of the address space resource which represents Address space for P2S VpnClient. - AddressSpace object |
| vpnClientRootCertificates | array | No | VpnClientRootCertificate for virtual network gateway. - VpnClientRootCertificate object |
| vpnClientRevokedCertificates | array | No | VpnClientRevokedCertificate for Virtual network gateway. - VpnClientRevokedCertificate object |
| vpnClientProtocols | array | No | VpnClientProtocols for Virtual network gateway. - IkeV2, SSTP, OpenVPN |
| vpnClientIpsecPolicies | array | No | VpnClientIpsecPolicies for virtual network gateway P2S client. - IpsecPolicy object |
| radiusServerAddress | string | No | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. |
| radiusServerSecret | string | No | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. |
| aadTenant | string | No | The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. |
| aadAudience | string | No | The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. |
| aadIssuer | string | No | The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication. |

BgpSettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| asn | integer | No | The BGP speaker's ASN. |
| bgpPeeringAddress | string | No | The BGP peering address and BGP identifier of this BGP speaker. |
| peerWeight | integer | No | The weight added to routes learned from this BGP speaker. |

AddressSpace object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| addressPrefixes | array | No | A list of address blocks reserved for this virtual network in CIDR notation. - string |

VirtualNetworkGatewayIPConfigurationPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| privateIPAllocationMethod | enum | No | The private IP address allocation method. - Static or Dynamic |
| subnet | object | No | The reference of the subnet resource. - SubResource object |
| publicIPAddress | object | No | The reference of the public IP resource. - SubResource object |

VpnClientRootCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | Yes | Properties of the vpn client root certificate. - VpnClientRootCertificatePropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

VpnClientRevokedCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | No | Properties of the vpn client revoked certificate. - VpnClientRevokedCertificatePropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

VpnClientRootCertificatePropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| publicCertData | string | Yes | The certificate public data. |

VpnClientRevokedCertificatePropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| thumbprint | string | No | The revoked VPN client certificate thumbprint. |

Quickstart templates
The following quickstart templates deploy this resource type.