az network vpn-gateway connection vpn-site-link-conn ipsec-policy

Note

This reference is part of the virtual-wan extension for the Azure CLI (version 2.39.0 or higher). The extension will automatically install the first time you run an az network vpn-gateway connection vpn-site-link-conn ipsec-policy command. Learn more about extensions.

Manage site-to-site VPN gateway connection VPN site link IPSec policies.

Commands

az network vpn-gateway connection vpn-site-link-conn ipsec-policy add

Add an IPSec policy to a site-to-site VPN gateway connection VPN site link.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy list

List site-to-site VPN gateway connection VPN site link IPSec policies.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove

Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy add

Add an IPSec policy to a site-to-site VPN gateway connection VPN site link.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy add --connection-name
                                                                      --dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
                                                                      --gateway-name
                                                                      --ike-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256}
                                                                      --ike-integrity {GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384}
                                                                      --ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
                                                                      --ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
                                                                      --name
                                                                      --pfs-group {ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM}
                                                                      --resource-group
                                                                      --sa-data-size
                                                                      --sa-lifetime
                                                                      [--no-wait]

Add an IPSec policy to a site-to-site VPN gateway connection VPN site link

az network vpn-gateway connection vpn-site-link-conn ipsec-policy add -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn --ipsec-encryption AES256 --ipsec-integrity SHA256 --sa-lifetime 86471 --sa-data-size 429496 --ike-encryption AES256 --ike-integrity SHA384 --dh-group DHGroup14 --pfs-group PFS14

--connection-name

Name of the VPN gateway connection.

--dh-group

DH Groups used in IKE Phase 1 for initial SA.

accepted values: DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None

--gateway-name

Name of the VPN gateway.

--ike-encryption

IKE encryption algorithm (IKE phase 2).

accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256

--ike-integrity

IKE integrity algorithm (IKE phase 2).

accepted values: GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384

--ipsec-encryption

IPSec encryption algorithm (IKE phase 1).

accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None

--ipsec-integrity

IPSec integrity algorithm (IKE phase 1).

accepted values: GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256

--name -n

Name of the VPN site link connection.

--pfs-group

The Pfs Groups used in IKE Phase 2 for new child SA.

accepted values: ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sa-data-size

IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site-to-site VPN tunnel.

--sa-lifetime

IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site-to-site VPN tunnel.

--no-wait

Do not wait for the long-running operation to finish.
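The accepted values listed above still include legacy choices such as DES, DES3, MD5, SHA1, DHGroup1, DHGroup2, PFS1, PFS2 and None. The following is an added example, not part of the Azure CLI or its documentation: a shell pre-flight check over the flag/value pairs intended for ipsec-policy add. The function names and the lists of values treated as weak are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the algorithm flags of
# "az network vpn-gateway connection vpn-site-link-conn ipsec-policy add".
# Assumption: the "weak" lists below are this example's own policy;
# the CLI accepts all of these values.

# Print the values treated as weak for one flag (nothing for other flags).
weak_for_flag() {
  case "$1" in
    --ike-encryption)                  echo "DES DES3" ;;
    --ipsec-encryption)                echo "DES DES3 None" ;;
    --ike-integrity|--ipsec-integrity) echo "MD5 SHA1" ;;
    --dh-group)                        echo "DHGroup1 DHGroup2 None" ;;
    --pfs-group)                       echo "PFS1 PFS2 None" ;;
  esac
}

# audit_ipsec_flags FLAG VALUE [FLAG VALUE ...]
# Prints "WEAK flag=value" per finding; returns 1 if anything was flagged.
audit_ipsec_flags() {
  local status=0 flag value w
  while [ "$#" -gt 0 ]; do
    flag=$1
    shift
    # --no-wait takes no value; every other flag listed above takes one.
    [ "$flag" = "--no-wait" ] && continue
    value=${1-}
    [ "$#" -gt 0 ] && shift
    for w in $(weak_for_flag "$flag"); do
      if [ "$value" = "$w" ]; then
        echo "WEAK $flag=$value"
        status=1
      fi
    done
  done
  return "$status"
}

# Constructed demo using the algorithm values from the example command above.
audit_ipsec_flags -g MyRG --ipsec-encryption AES256 --ipsec-integrity SHA256 \
  --ike-encryption AES256 --ike-integrity SHA384 \
  --dh-group DHGroup14 --pfs-group PFS14 && echo "OK: no weak values"
```

Run the check with the same arguments you intend to pass to the add command and proceed only when it returns 0.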

az network vpn-gateway connection vpn-site-link-conn ipsec-policy list

List site-to-site VPN gateway connection VPN site link IPSec policies.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy list --connection-name
                                                                       --gateway-name
                                                                       --name
                                                                       --resource-group

List IPSec policies on a site-to-site VPN gateway connection VPN site link

az network vpn-gateway connection vpn-site-link-conn ipsec-policy list -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn

--connection-name

Name of the VPN gateway connection.

--gateway-name

Name of the VPN gateway.

--name -n

Name of the VPN site link connection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove

Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link.

az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove --connection-name
                                                                         --gateway-name
                                                                         --index
                                                                         --name
                                                                         --resource-group
                                                                         [--no-wait]

Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link

az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove -g MyRG --connection-name MyConnection --gateway-name MyGateway -n MyVPNSiteLinkConn --index 1

--connection-name

Name of the VPN gateway connection.

--gateway-name

Name of the VPN gateway.

--index

List index of the item (starting with 1).

--name -n

Name of the VPN site link connection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--no-wait

Do not wait for the long-running operation to finish.