Microsoft.Network vpnGateways 2020-06-01

Template format

To create a Microsoft.Network/vpnGateways resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/vpnGateways",
  "apiVersion": "2020-06-01",
  "location": "string",
  "tags": {},
  "properties": {
    "virtualHub": {
      "id": "string"
    },
    "connections": [
      {
        "id": "string",
        "properties": {
          "remoteVpnSite": {
            "id": "string"
          },
          "routingWeight": "integer",
          "dpdTimeoutSeconds": "integer",
          "connectionStatus": "string",
          "vpnConnectionProtocolType": "string",
          "connectionBandwidth": "integer",
          "sharedKey": "string",
          "enableBgp": "boolean",
          "usePolicyBasedTrafficSelectors": "boolean",
          "ipsecPolicies": [
            {
              "saLifeTimeSeconds": "integer",
              "saDataSizeKilobytes": "integer",
              "ipsecEncryption": "string",
              "ipsecIntegrity": "string",
              "ikeEncryption": "string",
              "ikeIntegrity": "string",
              "dhGroup": "string",
              "pfsGroup": "string"
            }
          ],
          "enableRateLimiting": "boolean",
          "enableInternetSecurity": "boolean",
          "useLocalAzureIpAddress": "boolean",
          "vpnLinkConnections": [
            {
              "id": "string",
              "properties": {
                "vpnSiteLink": {
                  "id": "string"
                },
                "routingWeight": "integer",
                "connectionStatus": "string",
                "vpnConnectionProtocolType": "string",
                "connectionBandwidth": "integer",
                "sharedKey": "string",
                "enableBgp": "boolean",
                "usePolicyBasedTrafficSelectors": "boolean",
                "ipsecPolicies": [
                  {
                    "saLifeTimeSeconds": "integer",
                    "saDataSizeKilobytes": "integer",
                    "ipsecEncryption": "string",
                    "ipsecIntegrity": "string",
                    "ikeEncryption": "string",
                    "ikeIntegrity": "string",
                    "dhGroup": "string",
                    "pfsGroup": "string"
                  }
                ],
                "enableRateLimiting": "boolean",
                "useLocalAzureIpAddress": "boolean"
              },
              "name": "string"
            }
          ],
          "routingConfiguration": {
            "associatedRouteTable": {
              "id": "string"
            },
            "propagatedRouteTables": {
              "labels": [
                "string"
              ],
              "ids": [
                {
                  "id": "string"
                }
              ]
            },
            "vnetRoutes": {
              "staticRoutes": [
                {
                  "name": "string",
                  "addressPrefixes": [
                    "string"
                  ],
                  "nextHopIpAddress": "string"
                }
              ]
            }
          }
        },
        "name": "string"
      }
    ],
    "bgpSettings": {
      "asn": "integer",
      "bgpPeeringAddress": "string",
      "peerWeight": "integer",
      "bgpPeeringAddresses": [
        {
          "ipconfigurationId": "string",
          "customBgpIpAddresses": [
            "string"
          ]
        }
      ]
    },
    "vpnGatewayScaleUnit": "integer"
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/vpnGateways object

Name Type Required Value
name string Yes The name of the gateway.
type enum Yes Microsoft.Network/vpnGateways
apiVersion enum Yes 2020-06-01
location string Yes Resource location.
tags object No Resource tags.
properties object Yes Properties of the VPN gateway. - VpnGatewayProperties object
resources array No vpnConnections

VpnGatewayProperties object

Name Type Required Value
virtualHub object No The VirtualHub to which the gateway belongs. - SubResource object
connections array No List of all vpn connections to the gateway. - VpnConnection object
bgpSettings object No Local network gateway's BGP speaker settings. - BgpSettings object
vpnGatewayScaleUnit integer No The scale unit for this vpn gateway.

SubResource object

Name Type Required Value
id string No Resource ID.

VpnConnection object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the VPN connection. - VpnConnectionProperties object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

BgpSettings object

Name Type Required Value
asn integer No The BGP speaker's ASN.
bgpPeeringAddress string No The BGP peering address and BGP identifier of this BGP speaker.
peerWeight integer No The weight added to routes learned from this BGP speaker.
bgpPeeringAddresses array No BGP peering address with IP configuration ID for virtual network gateway. - IPConfigurationBgpPeeringAddress object

VpnConnectionProperties object

Name Type Required Value
remoteVpnSite object No Id of the connected vpn site. - SubResource object
routingWeight integer No Routing weight for vpn connection.
dpdTimeoutSeconds integer No DPD timeout in seconds for vpn connection.
connectionStatus enum No The connection status. - Unknown, Connecting, Connected, NotConnected
vpnConnectionProtocolType enum No Connection protocol used for this connection. - IKEv2 or IKEv1
connectionBandwidth integer No Expected bandwidth in MBPS.
sharedKey string No SharedKey for the vpn connection.
enableBgp boolean No EnableBgp flag.
usePolicyBasedTrafficSelectors boolean No Enable policy-based traffic selectors.
ipsecPolicies array No The IPSec Policies to be considered by this connection. - IpsecPolicy object
enableRateLimiting boolean No EnableBgp flag.
enableInternetSecurity boolean No Enable internet security.
useLocalAzureIpAddress boolean No Use local azure ip to initiate connection.
vpnLinkConnections array No List of all vpn site link connections to the gateway. - VpnSiteLinkConnection object
routingConfiguration object No The Routing Configuration indicating the associated and propagated route tables on this connection. - RoutingConfiguration object

IPConfigurationBgpPeeringAddress object

Name Type Required Value
ipconfigurationId string No The ID of IP configuration which belongs to gateway.
customBgpIpAddresses array No The list of custom BGP peering addresses which belong to IP configuration. - string

IpsecPolicy object

Name Type Required Value
saLifeTimeSeconds integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
saDataSizeKilobytes integer Yes The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
ipsecEncryption enum Yes The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256
ipsecIntegrity enum Yes The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256
ikeEncryption enum Yes The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128
ikeIntegrity enum Yes The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128
dhGroup enum Yes The DH Group used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24
pfsGroup enum Yes The Pfs Group used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM

VpnSiteLinkConnection object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the VPN site link connection. - VpnSiteLinkConnectionProperties object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

RoutingConfiguration object

Name Type Required Value
associatedRouteTable object No The resource id RouteTable associated with this RoutingConfiguration. - SubResource object
propagatedRouteTables object No The list of RouteTables to advertise the routes to. - PropagatedRouteTable object
vnetRoutes object No List of routes that control routing from VirtualHub into a virtual network connection. - VnetRoute object

VpnSiteLinkConnectionProperties object

Name Type Required Value
vpnSiteLink object No Id of the connected vpn site link. - SubResource object
routingWeight integer No Routing weight for vpn connection.
connectionStatus enum No The connection status. - Unknown, Connecting, Connected, NotConnected
vpnConnectionProtocolType enum No Connection protocol used for this connection. - IKEv2 or IKEv1
connectionBandwidth integer No Expected bandwidth in MBPS.
sharedKey string No SharedKey for the vpn connection.
enableBgp boolean No EnableBgp flag.
usePolicyBasedTrafficSelectors boolean No Enable policy-based traffic selectors.
ipsecPolicies array No The IPSec Policies to be considered by this connection. - IpsecPolicy object
enableRateLimiting boolean No EnableBgp flag.
useLocalAzureIpAddress boolean No Use local azure ip to initiate connection.

PropagatedRouteTable object

Name Type Required Value
labels array No The list of labels. - string
ids array No The list of resource ids of all the RouteTables. - SubResource object

VnetRoute object

Name Type Required Value
staticRoutes array No List of all Static Routes. - StaticRoute object

StaticRoute object

Name Type Required Value
name string No The name of the StaticRoute that is unique within a VnetRoute.
addressPrefixes array No List of all address prefixes. - string
nextHopIpAddress string No The ip address of the next hop.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Creates Virtual wan resources

Deploy to Azure
This template allows you to create virtual wan resources including virtual wan, virtual hub, vpn gateway, vpnsite and a vpn connecton.