Microsoft.Network vpnGateways/vpnConnections 2020-04-01

The vpnGateways/vpnConnections resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.Network/vpnGateways/vpnConnections resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Network/vpnGateways/vpnConnections@2020-04-01' = {
  name: 'string'
  parent: parentSymbolicName
  properties: {
    connectionBandwidth: int
    dpdTimeoutSeconds: int
    enableBgp: bool
    enableInternetSecurity: bool
    enableRateLimiting: bool
    ipsecPolicies: [
      {
        dhGroup: 'string'
        ikeEncryption: 'string'
        ikeIntegrity: 'string'
        ipsecEncryption: 'string'
        ipsecIntegrity: 'string'
        pfsGroup: 'string'
        saDataSizeKilobytes: int
        saLifeTimeSeconds: int
      }
    ]
    remoteVpnSite: {
      id: 'string'
    }
    routingConfiguration: {
      associatedRouteTable: {
        id: 'string'
      }
      propagatedRouteTables: {
        ids: [
          {
            id: 'string'
          }
        ]
        labels: [ 'string' ]
      }
      vnetRoutes: {
        staticRoutes: [
          {
            addressPrefixes: [ 'string' ]
            name: 'string'
            nextHopIpAddress: 'string'
          }
        ]
      }
    }
    routingWeight: int
    sharedKey: 'string'
    useLocalAzureIpAddress: bool
    usePolicyBasedTrafficSelectors: bool
    vpnConnectionProtocolType: 'string'
    vpnLinkConnections: [
      {
        id: 'string'
        name: 'string'
        properties: {
          connectionBandwidth: int
          enableBgp: bool
          enableRateLimiting: bool
          ipsecPolicies: [
            {
              dhGroup: 'string'
              ikeEncryption: 'string'
              ikeIntegrity: 'string'
              ipsecEncryption: 'string'
              ipsecIntegrity: 'string'
              pfsGroup: 'string'
              saDataSizeKilobytes: int
              saLifeTimeSeconds: int
            }
          ]
          routingWeight: int
          sharedKey: 'string'
          useLocalAzureIpAddress: bool
          usePolicyBasedTrafficSelectors: bool
          vpnConnectionProtocolType: 'string'
          vpnSiteLink: {
            id: 'string'
          }
        }
      }
    ]
  }
}

Property values

vpnGateways/vpnConnections

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Network/vpnGateways/vpnConnections'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2020-04-01'
name The resource name

See how to set names and types for child resources in Bicep or JSON ARM templates.
string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
parentSymbolicName
properties Parameters for VpnConnection. VpnConnectionProperties

VpnConnectionProperties

Name Description Value
connectionBandwidth Expected bandwidth in MBPS. int
dpdTimeoutSeconds The dead peer detection timeout for a vpn connection in seconds. int
enableBgp EnableBgp flag. bool
enableInternetSecurity Enable internet security. bool
enableRateLimiting EnableBgp flag. bool
ipsecPolicies The IPSec Policies to be considered by this connection. IpsecPolicy[]
remoteVpnSite Reference to another subresource. SubResource
routingConfiguration Routing Configuration indicating the associated and propagated route tables for this connection. RoutingConfiguration
routingWeight Routing weight for vpn connection. int
sharedKey SharedKey for the vpn connection. string
useLocalAzureIpAddress Use local azure ip to initiate connection. bool
usePolicyBasedTrafficSelectors Enable policy-based traffic selectors. bool
vpnConnectionProtocolType Gateway connection protocol. 'IKEv1'
'IKEv2'
vpnLinkConnections List of all vpn site link connections to the gateway. VpnSiteLinkConnection[]

IpsecPolicy

Name Description Value
dhGroup The DH Groups used in IKE Phase 1 for initial SA. 'DHGroup1'
'DHGroup14'
'DHGroup2'
'DHGroup2048'
'DHGroup24'
'ECP256'
'ECP384'
'None'
ikeEncryption The IKE encryption algorithm (IKE phase 2). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES256'
ikeIntegrity The IKE integrity algorithm (IKE phase 2). 'GCMAES128'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
'SHA384'
ipsecEncryption The IPSec encryption algorithm (IKE phase 1). 'AES128'
'AES192'
'AES256'
'DES'
'DES3'
'GCMAES128'
'GCMAES192'
'GCMAES256'
'None'
ipsecIntegrity The IPSec integrity algorithm (IKE phase 1). 'GCMAES128'
'GCMAES192'
'GCMAES256'
'MD5'
'SHA1'
'SHA256'
pfsGroup The Pfs Groups used in IKE Phase 2 for new child SA. 'ECP256'
'ECP384'
'None'
'PFS1'
'PFS14'
'PFS2'
'PFS2048'
'PFS24'
'PFSMM'
saDataSizeKilobytes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. int (required)
saLifeTimeSeconds The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. int (required)

SubResource

Name Description Value
id Resource ID. string

RoutingConfiguration

Name Description Value
associatedRouteTable Reference to another subresource. SubResource
propagatedRouteTables The list of RouteTables to advertise the routes to. PropagatedRouteTable
vnetRoutes List of routes that control routing from VirtualHub into a virtual network connection. VnetRoute

PropagatedRouteTable

Name Description Value
ids The list of resource ids of all the RouteTables. SubResource[]
labels The list of labels. string[]

VnetRoute

Name Description Value
staticRoutes List of all Static Routes. StaticRoute[]

StaticRoute

Name Description Value
addressPrefixes List of all address prefixes. string[]
name The name of the StaticRoute that is unique within a VnetRoute. string
nextHopIpAddress The ip address of the next hop. string

VpnSiteLinkConnection

Name Description Value
id Resource ID. string
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
properties Parameters for VpnConnection. VpnSiteLinkConnectionProperties

VpnSiteLinkConnectionProperties

Name Description Value
connectionBandwidth Expected bandwidth in MBPS. int
enableBgp EnableBgp flag. bool
enableRateLimiting EnableBgp flag. bool
ipsecPolicies The IPSec Policies to be considered by this connection. IpsecPolicy[]
routingWeight Routing weight for vpn connection. int
sharedKey SharedKey for the vpn connection. string
useLocalAzureIpAddress Use local azure ip to initiate connection. bool
usePolicyBasedTrafficSelectors Enable policy-based traffic selectors. bool
vpnConnectionProtocolType Gateway connection protocol. 'IKEv1'
'IKEv2'
vpnSiteLink Reference to another subresource. SubResource