Create a VPN Gateway and add a Site-to-Site connection using PowerShell

This script creates a route-based VPN Gateway and adds Site-to-Site configuration. In order to create the connection, you also need to configure your VPN device. For more information, see About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

# Declare variables
  $VNetName  = "VNet1"
  $FESubName = "FrontEnd"
  $BESubName = "Backend"
  $GWSubName = "GatewaySubnet"
  $VNetPrefix1 = "10.0.0.0/16"
  $FESubPrefix = "10.1.0.0/24"
  $BESubPrefix = "10.1.1.0/24"
  $GWSubPrefix = "10.1.255.0/27"
  $VPNClientAddressPool = "192.168.0.0/24"
  $RG = "TestRG1"
  $Location = "East US"
  $GWName = "VNet1GW"
  $GWIPName = "VNet1GWIP"
  $GWIPconfName = "gwipconf"
# Create a resource group
New-AzResourceGroup -Name TestRG1 -Location EastUS
# Create a virtual network
$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName TestRG1 `
  -Location EastUS `
  -Name VNet1 `
  -AddressPrefix 10.1.0.0/16
# Create a subnet configuration
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name Frontend `
  -AddressPrefix 10.1.0.0/24 `
  -VirtualNetwork $virtualNetwork
# Set the subnet configuration for the virtual network
$virtualNetwork | Set-AzVirtualNetwork
# Add a gateway subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName TestRG1 -Name VNet1
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.1.255.0/27 -VirtualNetwork $vnet
# Set the subnet configuration for the virtual network
$vnet | Set-AzVirtualNetwork
# Request a public IP address
$gwpip= New-AzPublicIpAddress -Name VNet1GWIP -ResourceGroupName TestRG1 -Location 'East US' `
 -AllocationMethod Dynamic
# Create the gateway IP address configuration
$vnet = Get-AzVirtualNetwork -Name VNet1 -ResourceGroupName TestRG1
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
# Create the VPN gateway
New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
 -Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `
 -VpnType RouteBased -GatewaySku VpnGw1
# Create the local network gateway
New-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1 `
 -Location 'East US' -GatewayIpAddress '23.99.221.164' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')
# Configure your on-premises VPN device
# Create the VPN connection
$gateway1 = Get-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1
$local = Get-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1
New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1 `
 -Location 'East US' -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
 -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'

Clean up resources

When you no longer need the resources you created, use the Remove-AzResourceGroup command to delete the resource group. This will delete the resource group and all of the resources it contains.

Remove-AzResourceGroup -Name TestRG1

Script explanation

This script uses the following commands to create the deployment. Each item in the table links to command specific documentation.

Command Notes
Add-AzVirtualNetworkSubnetConfig Adds a subnet configuration. This configuration is used with the virtual network creation process.
Get-AzVirtualNetwork Gets a virtual network details.
Get-AzVirtualNetworkGateway Gets virtual network gateway details.
Get-AzLocalNetworkGateway Gets local network gateway details.
Get-AzVirtualNetworkSubnetConfig Gets the virtual network subnet configuration details.
New-AzResourceGroup Creates a resource group in which all resources are stored.
New-AzVirtualNetworkSubnetConfig Creates a subnet configuration. This configuration is used with the virtual network creation process.
New-AzVirtualNetwork Creates a virtual network.
New-AzPublicIpAddress Creates a public IP address.
New-AzVirtualNetworkGatewayIpConfig Creates a new gateway ip configuration.
New-AzVirtualNetworkGateway Creates a VPN gateway.
New-AzLocalNetworkGateway Creates a local network gateway.
New-AzVirtualNetworkGatewayConnection Creates a site-to-site connection.
Remove-AzResourceGroup Removes a resource group and all resources contained within.
Set-AzVirtualNetwork Sets the subnet configuration for the virtual network.
Set-AzVirtualNetworkGateway Sets the configuration for the VPN gateway.

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.