az network vpn-connection ipsec-policy

Manage VPN connection IPSec policies.

Commands

az network vpn-connection ipsec-policy add Add a VPN connection IPSec policy.
az network vpn-connection ipsec-policy clear Delete all IPSec policies on a VPN connection.
az network vpn-connection ipsec-policy list List IPSec policies associated with a VPN connection.

az network vpn-connection ipsec-policy add

Add a VPN connection IPSec policy.

az network vpn-connection ipsec-policy add --connection-name
--dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
--ike-encryption {AES128, AES192, AES256, DES, DES3}
--ike-integrity {MD5, SHA1, SHA256, SHA384}
--ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
--ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
--pfs-group {ECP256, ECP384, None, PFS1, PFS2, PFS2048, PFS24}
--resource-group
--sa-lifetime
--sa-max-size
[--no-wait]

Required Parameters

--connection-name

Connection name.

--dh-group

The DH Groups used in IKE Phase 1 for initial SA.

accepted values: DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None
--ike-encryption

The IKE encryption algorithm (IKE phase 2).

accepted values: AES128, AES192, AES256, DES, DES3
--ike-integrity

The IKE integrity algorithm (IKE phase 2).

accepted values: MD5, SHA1, SHA256, SHA384
--ipsec-encryption

The IPSec encryption algorithm (IKE phase 1).

accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None
--ipsec-integrity

The IPSec integrity algorithm (IKE phase 1).

accepted values: GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256
--pfs-group

The DH Groups used in IKE Phase 2 for new child SA.

accepted values: ECP256, ECP384, None, PFS1, PFS2, PFS2048, PFS24
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

--sa-lifetime

The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.

--sa-max-size

The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.

Optional Parameters

--no-wait

Do not wait for the long running operation to finish.

az network vpn-connection ipsec-policy clear

Delete all IPSec policies on a VPN connection.

az network vpn-connection ipsec-policy clear --connection-name
--resource-group
[--no-wait]

Required Parameters

--connection-name

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--no-wait

Do not wait for the long running operation to finish.

az network vpn-connection ipsec-policy list

List IPSec policies associated with a VPN connection.

az network vpn-connection ipsec-policy list --connection-name
--resource-group

Required Parameters

--connection-name

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.