az network vpn-connection ipsec-policy

Manage VPN connection IPSec policies.

Commands

az network vpn-connection ipsec-policy add Add a VPN connection IPSec policy.
az network vpn-connection ipsec-policy clear Delete all IPSec policies on a VPN connection.
az network vpn-connection ipsec-policy list List IPSec policies associated with a VPN connection.

az network vpn-connection ipsec-policy add

Add a VPN connection IPSec policy.

az network vpn-connection ipsec-policy add --connection-name
--dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
--ike-encryption {AES128, AES192, AES256, DES, DES3}
--ike-integrity {MD5, SHA1, SHA256, SHA384}
--ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
--ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
--pfs-group {ECP256, ECP384, None, PFS1, PFS2, PFS2048, PFS24}
--resource-group
--sa-lifetime
--sa-max-size
[--no-wait]

Required Parameters

--connection-name
Connection name.
--dh-group
The DH Groups used in IKE Phase 1 for initial SA.
accepted values: DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None
--ike-encryption
The IKE encryption algorithm (IKE phase 2).
accepted values: AES128, AES192, AES256, DES, DES3
--ike-integrity
The IKE integrity algorithm (IKE phase 2).
accepted values: MD5, SHA1, SHA256, SHA384
--ipsec-encryption
The IPSec encryption algorithm (IKE phase 1).
accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None
--ipsec-integrity
The IPSec integrity algorithm (IKE phase 1).
accepted values: GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256
--pfs-group
The DH Groups used in IKE Phase 2 for new child SA.
accepted values: ECP256, ECP384, None, PFS1, PFS2, PFS2048, PFS24
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.
--sa-lifetime
The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
--sa-max-size
The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.

Optional Parameters

--no-wait
Do not wait for the long running operation to finish.

az network vpn-connection ipsec-policy clear

Delete all IPSec policies on a VPN connection.

az network vpn-connection ipsec-policy clear --connection-name
--resource-group
[--no-wait]

Required Parameters

--connection-name
Connection name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.

Optional Parameters

--no-wait
Do not wait for the long running operation to finish.

az network vpn-connection ipsec-policy list

List IPSec policies associated with a VPN connection.

az network vpn-connection ipsec-policy list --connection-name
--resource-group

Required Parameters

--connection-name
Connection name.
--resource-group -g
Name of resource group. You can configure the default group using `az configure --defaults group=<name>`.