Microsoft.Network connections 2020-05-01

Template format

To create a Microsoft.Network/connections resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/connections",
  "apiVersion": "2020-05-01",
  "location": "string",
  "tags": {},
  "properties": {
    "authorizationKey": "string",
    "virtualNetworkGateway1": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "id": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "subnet": {
                "id": "string"
              },
              "publicIPAddress": {
                "id": "string"
              }
            },
            "name": "string"
          }
        ],
        "gatewayType": "string",
        "vpnType": "string",
        "vpnGatewayGeneration": "string",
        "enableBgp": "boolean",
        "enablePrivateIpAddress": "boolean",
        "activeActive": "boolean",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "sku": {
          "name": "string",
          "tier": "string"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [
              "string"
            ]
          },
          "vpnClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientRevokedCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientProtocols": [
            "string"
          ],
          "vpnClientIpsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string",
          "radiusServers": [
            {
              "radiusServerAddress": "string",
              "radiusServerScore": "integer",
              "radiusServerSecret": "string"
            }
          ],
          "aadTenant": "string",
          "aadAudience": "string",
          "aadIssuer": "string"
        },
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer",
          "bgpPeeringAddresses": [
            {
              "ipconfigurationId": "string",
              "customBgpIpAddresses": [
                "string"
              ]
            }
          ]
        },
        "customRoutes": {
          "addressPrefixes": [
            "string"
          ]
        },
        "enableDnsForwarding": "boolean"
      }
    },
    "virtualNetworkGateway2": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "ipConfigurations": [
          {
            "id": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "subnet": {
                "id": "string"
              },
              "publicIPAddress": {
                "id": "string"
              }
            },
            "name": "string"
          }
        ],
        "gatewayType": "string",
        "vpnType": "string",
        "vpnGatewayGeneration": "string",
        "enableBgp": "boolean",
        "enablePrivateIpAddress": "boolean",
        "activeActive": "boolean",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "sku": {
          "name": "string",
          "tier": "string"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [
              "string"
            ]
          },
          "vpnClientRootCertificates": [
            {
              "id": "string",
              "properties": {
                "publicCertData": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientRevokedCertificates": [
            {
              "id": "string",
              "properties": {
                "thumbprint": "string"
              },
              "name": "string"
            }
          ],
          "vpnClientProtocols": [
            "string"
          ],
          "vpnClientIpsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "radiusServerAddress": "string",
          "radiusServerSecret": "string",
          "radiusServers": [
            {
              "radiusServerAddress": "string",
              "radiusServerScore": "integer",
              "radiusServerSecret": "string"
            }
          ],
          "aadTenant": "string",
          "aadAudience": "string",
          "aadIssuer": "string"
        },
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer",
          "bgpPeeringAddresses": [
            {
              "ipconfigurationId": "string",
              "customBgpIpAddresses": [
                "string"
              ]
            }
          ]
        },
        "customRoutes": {
          "addressPrefixes": [
            "string"
          ]
        },
        "enableDnsForwarding": "boolean"
      }
    },
    "localNetworkGateway2": {
      "id": "string",
      "location": "string",
      "tags": {},
      "properties": {
        "localNetworkAddressSpace": {
          "addressPrefixes": [
            "string"
          ]
        },
        "gatewayIpAddress": "string",
        "fqdn": "string",
        "bgpSettings": {
          "asn": "integer",
          "bgpPeeringAddress": "string",
          "peerWeight": "integer",
          "bgpPeeringAddresses": [
            {
              "ipconfigurationId": "string",
              "customBgpIpAddresses": [
                "string"
              ]
            }
          ]
        }
      }
    },
    "connectionType": "string",
    "connectionProtocol": "string",
    "routingWeight": "integer",
    "dpdTimeoutSeconds": "integer",
    "sharedKey": "string",
    "peer": {
      "id": "string"
    },
    "enableBgp": "boolean",
    "useLocalAzureIpAddress": "boolean",
    "usePolicyBasedTrafficSelectors": "boolean",
    "ipsecPolicies": [
      {
        "saLifeTimeSeconds": "integer",
        "saDataSizeKilobytes": "integer",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "dhGroup": "string",
        "pfsGroup": "string"
      }
    ],
    "trafficSelectorPolicies": [
      {
        "localAddressRanges": [
          "string"
        ],
        "remoteAddressRanges": [
          "string"
        ]
      }
    ],
    "expressRouteGatewayBypass": "boolean"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/connections object

Name Type Required Value
name string Yes The name of the express route circuit connection.
type enum Yes Microsoft.Network/connections
apiVersion enum Yes 2020-05-01
location string Yes Resource location.
tags object No Resource tags.
properties object Yes Properties of the virtual network gateway connection. - VirtualNetworkGatewayConnectionPropertiesFormat object

VirtualNetworkGatewayConnectionPropertiesFormat object

Name Type Required Value
authorizationKey string No The authorizationKey.
virtualNetworkGateway1 object Yes The reference to virtual network gateway resource. - VirtualNetworkGatewayModel object
virtualNetworkGateway2 object No The reference to virtual network gateway resource. - VirtualNetworkGatewayModel object
localNetworkGateway2 object No The reference to local network gateway resource. - LocalNetworkGateway object
connectionType enum Yes Gateway connection type. - IPsec, Vnet2Vnet, ExpressRoute, VPNClient
connectionProtocol enum No Connection protocol used for this connection. - IKEv2 or IKEv1
routingWeight integer No The routing weight.
dpdTimeoutSeconds integer No The dead peer detection timeout of this connection in seconds.
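sharedKey string No The IPSec shared key. This value is a secret: supply it through a securestring parameter or a Key Vault reference rather than as a literal in the template.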
peer object No The reference to peerings resource. - SubResource object
enableBgp boolean No EnableBgp flag.
useLocalAzureIpAddress boolean No Use private local Azure IP for the connection.
usePolicyBasedTrafficSelectors boolean No Enable policy-based traffic selectors.
ipsecPolicies array No The IPSec Policies to be considered by this connection. - IpsecPolicy object
trafficSelectorPolicies array No The Traffic Selector Policies to be considered by this connection. - TrafficSelectorPolicy object
expressRouteGatewayBypass boolean No Bypass ExpressRoute Gateway for data forwarding.

VirtualNetworkGatewayModel object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object Yes Properties of the virtual network gateway. - VirtualNetworkGatewayPropertiesFormat object

LocalNetworkGateway object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object Yes Properties of the local network gateway. - LocalNetworkGatewayPropertiesFormat object

SubResource object

Name Type Required Value
id string No Resource ID.

IpsecPolicy object

Name Type Required Value
saLifeTimeSeconds integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
saDataSizeKilobytes integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
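ipsecEncryption enum Yes The IPSec encryption algorithm (IKE phase 2). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256. None provides no confidentiality for tunnel traffic, and DES and DES3 are legacy ciphers; prefer an AES or GCMAES value.
ipsecIntegrity enum Yes The IPSec integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256. MD5 and SHA1 are legacy choices; prefer SHA256 or a GCMAES value.
ikeEncryption enum Yes The IKE encryption algorithm (IKE phase 1). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128. DES and DES3 are legacy ciphers; prefer an AES or GCMAES value.
ikeIntegrity enum Yes The IKE integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128. MD5 and SHA1 are legacy choices; prefer SHA256 or stronger.
dhGroup enum Yes The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24. DHGroup1 and DHGroup2 use 768-bit and 1024-bit moduli and are considered weak; prefer DHGroup14 or stronger.
pfsGroup enum Yes The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM. None disables perfect forward secrecy for child SAs.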

TrafficSelectorPolicy object

Name Type Required Value
localAddressRanges array Yes A collection of local address spaces in CIDR format. - string
remoteAddressRanges array Yes A collection of remote address spaces in CIDR format. - string

VirtualNetworkGatewayPropertiesFormat object

Name Type Required Value
ipConfigurations array No IP configurations for virtual network gateway. - VirtualNetworkGatewayIPConfiguration object
gatewayType enum No The type of this virtual network gateway. - Vpn or ExpressRoute
vpnType enum No The VPN type of this virtual network gateway. - PolicyBased or RouteBased
vpnGatewayGeneration enum No The generation for this VirtualNetworkGateway. Must be None if gatewayType is not VPN. - None, Generation1, Generation2
enableBgp boolean No Whether BGP is enabled for this virtual network gateway or not.
enablePrivateIpAddress boolean No Whether private IP needs to be enabled on this gateway for connections or not.
activeActive boolean No ActiveActive flag.
gatewayDefaultSite object No The reference to the LocalNetworkGateway resource which represents the local network site having default routes. Assign a null value to remove an existing default site setting. - SubResource object
sku object No The reference to the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. - VirtualNetworkGatewaySku object
vpnClientConfiguration object No The reference to the VpnClientConfiguration resource which represents the P2S VpnClient configurations. - VpnClientConfiguration object
bgpSettings object No Virtual network gateway's BGP speaker settings. - BgpSettings object
customRoutes object No The reference to the address space resource which represents the custom routes address space specified by the customer for virtual network gateway and VpnClient. - AddressSpace object
enableDnsForwarding boolean No Whether dns forwarding is enabled or not.

LocalNetworkGatewayPropertiesFormat object

Name Type Required Value
localNetworkAddressSpace object No Local network site address space. - AddressSpace object
gatewayIpAddress string No IP address of local network gateway.
fqdn string No FQDN of local network gateway.
bgpSettings object No Local network gateway's BGP speaker settings. - BgpSettings object

VirtualNetworkGatewayIPConfiguration object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the virtual network gateway ip configuration. - VirtualNetworkGatewayIPConfigurationPropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

VirtualNetworkGatewaySku object

Name Type Required Value
name enum No Gateway SKU name. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, VpnGw4AZ, VpnGw5AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ
tier enum No Gateway SKU tier. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw4, VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, VpnGw4AZ, VpnGw5AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ

VpnClientConfiguration object

Name Type Required Value
vpnClientAddressPool object No The reference to the address space resource which represents Address space for P2S VpnClient. - AddressSpace object
vpnClientRootCertificates array No VpnClientRootCertificate for virtual network gateway. - VpnClientRootCertificate object
vpnClientRevokedCertificates array No VpnClientRevokedCertificate for Virtual network gateway. - VpnClientRevokedCertificate object
vpnClientProtocols array No VpnClientProtocols for Virtual network gateway. - IkeV2, SSTP, OpenVPN
vpnClientIpsecPolicies array No VpnClientIpsecPolicies for virtual network gateway P2S client. - IpsecPolicy object
radiusServerAddress string No The radius server address property of the VirtualNetworkGateway resource for vpn client connection.
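radiusServerSecret string No The radius secret property of the VirtualNetworkGateway resource for vpn client connection. This value is a secret: supply it through a securestring parameter or a Key Vault reference rather than as a literal in the template.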
radiusServers array No The radiusServers property for multiple radius server configuration. - RadiusServer object
aadTenant string No The AADTenant property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.
aadAudience string No The AADAudience property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.
aadIssuer string No The AADIssuer property of the VirtualNetworkGateway resource for vpn client connection used for AAD authentication.

BgpSettings object

Name Type Required Value
asn integer No The BGP speaker's ASN.
bgpPeeringAddress string No The BGP peering address and BGP identifier of this BGP speaker.
peerWeight integer No The weight added to routes learned from this BGP speaker.
bgpPeeringAddresses array No BGP peering address with IP configuration ID for virtual network gateway. - IPConfigurationBgpPeeringAddress object

AddressSpace object

Name Type Required Value
addressPrefixes array No A list of address blocks reserved for this virtual network in CIDR notation. - string

VirtualNetworkGatewayIPConfigurationPropertiesFormat object

Name Type Required Value
privateIPAllocationMethod enum No The private IP address allocation method. - Static or Dynamic
subnet object No The reference to the subnet resource. - SubResource object
publicIPAddress object No The reference to the public IP resource. - SubResource object

VpnClientRootCertificate object

Name Type Required Value
id string No Resource ID.
properties object Yes Properties of the vpn client root certificate. - VpnClientRootCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

VpnClientRevokedCertificate object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the vpn client revoked certificate. - VpnClientRevokedCertificatePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

RadiusServer object

Name Type Required Value
radiusServerAddress string Yes The address of this radius server.
radiusServerScore integer No The initial score assigned to this radius server.
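radiusServerSecret string No The secret used for this radius server. Supply it through a securestring parameter or a Key Vault reference rather than as a literal in the template.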

IPConfigurationBgpPeeringAddress object

Name Type Required Value
ipconfigurationId string No The ID of IP configuration which belongs to gateway.
customBgpIpAddresses array No The list of custom BGP peering addresses which belong to IP configuration. - string

VpnClientRootCertificatePropertiesFormat object

Name Type Required Value
publicCertData string Yes The certificate public data.

VpnClientRevokedCertificatePropertiesFormat object

Name Type Required Value
thumbprint string No The revoked VPN client certificate thumbprint.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy HBase geo replication

This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection.
Create a Site-to-Site VPN Connection

This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
VPN Custom IPSec Policy

This custom IPSec Policy allows more granular configuration of the IKE Parameters. This allows you to deploy a site-to-site VPN Policy to support specific settings on your VPN Endpoint Device.
Extend an existing Azure VNET to a Multi-VNET Configuration

This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways
Create a Site-to-Site VPN Connection

This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Create a VNET to VNET connection across two regions

This template allows you to connect two VNETs in different regions using Virtual Network Gateways
Create a BGP VNET to VNET connection

This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create three vNets to demonstrate transitive BGP connections

This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections
Zerto Cloud Appliance with Site-to-Site VPN Connection

This template allows you to create a Zerto Cloud Appliance with a VPN
Connect an ExpressRoute circuit to a VNET

This template creates a VNET, an ExpressRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured.
BOSH CF Cross Region

This template helps you set up the resources needed to deploy BOSH and Cloud Foundry across two regions on Azure.