Microsoft.Network vpnServerConfigurations 2020-05-01

Template format

To create a Microsoft.Network/vpnServerConfigurations resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/vpnServerConfigurations",
  "apiVersion": "2020-05-01",
  "location": "string",
  "tags": {},
  "properties": {
    "name": "string",
    "vpnProtocols": [
      "string"
    ],
    "vpnAuthenticationTypes": [
      "string"
    ],
    "vpnClientRootCertificates": [
      {
        "name": "string",
        "publicCertData": "string"
      }
    ],
    "vpnClientRevokedCertificates": [
      {
        "name": "string",
        "thumbprint": "string"
      }
    ],
    "radiusServerRootCertificates": [
      {
        "name": "string",
        "publicCertData": "string"
      }
    ],
    "radiusClientRootCertificates": [
      {
        "name": "string",
        "thumbprint": "string"
      }
    ],
    "vpnClientIpsecPolicies": [
      {
        "saLifeTimeSeconds": "integer",
        "saDataSizeKilobytes": "integer",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "dhGroup": "string",
        "pfsGroup": "string"
      }
    ],
    "radiusServerAddress": "string",
    "radiusServerSecret": "string",
    "radiusServers": [
      {
        "radiusServerAddress": "string",
        "radiusServerScore": "integer",
        "radiusServerSecret": "string"
      }
    ],
    "aadAuthenticationParameters": {
      "aadTenant": "string",
      "aadAudience": "string",
      "aadIssuer": "string"
    }
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/vpnServerConfigurations object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the VpnServerConfiguration being created or updated. |
| type | enum | Yes | Microsoft.Network/vpnServerConfigurations |
| apiVersion | enum | Yes | 2020-05-01 |
| location | string | Yes | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the P2SVpnServer configuration. - VpnServerConfigurationProperties object |

VpnServerConfigurationProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | No | The name of the VpnServerConfiguration that is unique within a resource group. |
| vpnProtocols | array | No | VPN protocols for the VpnServerConfiguration. - IkeV2 or OpenVPN |
| vpnAuthenticationTypes | array | No | VPN authentication types for the VpnServerConfiguration. - Certificate, Radius, AAD |
| vpnClientRootCertificates | array | No | VPN client root certificate of VpnServerConfiguration. - VpnServerConfigVpnClientRootCertificate object |
| vpnClientRevokedCertificates | array | No | VPN client revoked certificate of VpnServerConfiguration. - VpnServerConfigVpnClientRevokedCertificate object |
| radiusServerRootCertificates | array | No | Radius Server root certificate of VpnServerConfiguration. - VpnServerConfigRadiusServerRootCertificate object |
| radiusClientRootCertificates | array | No | Radius client root certificate of VpnServerConfiguration. - VpnServerConfigRadiusClientRootCertificate object |
| vpnClientIpsecPolicies | array | No | VpnClientIpsecPolicies for VpnServerConfiguration. - IpsecPolicy object |
| radiusServerAddress | string | No | The radius server address property of the VpnServerConfiguration resource for point to site client connection. |
| radiusServerSecret | string | No | The radius secret property of the VpnServerConfiguration resource for point to site client connection. |
| radiusServers | array | No | Multiple Radius Server configuration for VpnServerConfiguration. - RadiusServer object |
| aadAuthenticationParameters | object | No | The set of aad vpn authentication parameters. - AadAuthenticationParameters object |

VpnServerConfigVpnClientRootCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | No | The certificate name. |
| publicCertData | string | No | The certificate public data. |

VpnServerConfigVpnClientRevokedCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | No | The certificate name. |
| thumbprint | string | No | The revoked VPN client certificate thumbprint. |

VpnServerConfigRadiusServerRootCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | No | The certificate name. |
| publicCertData | string | No | The certificate public data. |

VpnServerConfigRadiusClientRootCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | No | The certificate name. |
| thumbprint | string | No | The Radius client root certificate thumbprint. |

IpsecPolicy object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| saLifeTimeSeconds | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. |
| saDataSizeKilobytes | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. |
| ipsecEncryption | enum | Yes | The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
| ipsecIntegrity | enum | Yes | The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
| ikeEncryption | enum | Yes | The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128 |
| ikeIntegrity | enum | Yes | The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128 |
| dhGroup | enum | Yes | The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24 |
| pfsGroup | enum | Yes | The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM |

RadiusServer object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| radiusServerAddress | string | Yes | The address of this radius server. |
| radiusServerScore | integer | No | The initial score assigned to this radius server. |
| radiusServerSecret | string | No | The secret used for this radius server. |
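
The IpsecPolicy enums above include legacy algorithms, and the radiusServerSecret properties accept plain strings. As an added example (not part of this reference or of any Microsoft tooling), the Python check below walks one resource and reports weak policy values and RADIUS secrets written literally into the template. The weak-value sets, function names and sample resource are this example's assumptions.

```python
import re

# Values from the page's IpsecPolicy enums treated as weak (this example's assumption).
WEAK = {
    "ipsecEncryption": {"None", "DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"},
    "ikeEncryption": {"DES", "DES3"},
    "ikeIntegrity": {"MD5", "SHA1"},
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}
# Whole-string ARM expression, e.g. "[parameters('x')]"; "[[" is an escaped literal.
ARM_EXPR = re.compile(r"^\[(?!\[).*\]$")

def is_literal_secret(value):
    return isinstance(value, str) and value != "" and not ARM_EXPR.match(value)

def audit_vpn_server_configuration(resource):
    """Return (json_path, message) findings for one vpnServerConfigurations resource."""
    findings = []
    props = resource.get("properties", {})
    for i, policy in enumerate(props.get("vpnClientIpsecPolicies", [])):
        for field, weak in WEAK.items():
            if policy.get(field) in weak:
                path = f"properties.vpnClientIpsecPolicies[{i}].{field}"
                findings.append((path, f"weak value {policy[field]}"))
    secrets = [("properties.radiusServerSecret", props.get("radiusServerSecret"))]
    for i, server in enumerate(props.get("radiusServers", [])):
        secrets.append((f"properties.radiusServers[{i}].radiusServerSecret",
                        server.get("radiusServerSecret")))
    findings += [(p, "literal secret in template") for p, v in secrets
                 if is_literal_secret(v)]
    return findings

# Constructed sample resource for the demonstration (all values are made up).
SAMPLE = {"type": "Microsoft.Network/vpnServerConfigurations", "properties": {
    "vpnClientIpsecPolicies": [{
        "saLifeTimeSeconds": 3600, "saDataSizeKilobytes": 102400000,
        "ipsecEncryption": "GCMAES256", "ipsecIntegrity": "GCMAES256",
        "ikeEncryption": "AES256", "ikeIntegrity": "SHA1",
        "dhGroup": "DHGroup2", "pfsGroup": "ECP384"}],
    "radiusServers": [
        {"radiusServerAddress": "10.0.0.4",
         "radiusServerSecret": "[parameters('radiusSecret')]"},
        {"radiusServerAddress": "10.0.0.5",
         "radiusServerSecret": "constructed-example-secret"}]}}
if __name__ == "__main__":
    for path, message in audit_vpn_server_configuration(SAMPLE):
        print(f"{path}: {message}")
```

A secret supplied through a template expression, such as a secure parameter, passes the check; only a value typed directly into the resource is reported.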

AadAuthenticationParameters object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| aadTenant | string | No | AAD Vpn authentication parameter AAD tenant. |
| aadAudience | string | No | AAD Vpn authentication parameter AAD audience. |
| aadIssuer | string | No | AAD Vpn authentication parameter AAD issuer. |