New-AzIpsecPolicy
Creates an IPSec Policy.
Syntax
New-AzIpsecPolicy
[-SALifeTimeSeconds <Int32>]
[-SADataSizeKilobytes <Int32>]
-IpsecEncryption <String>
-IpsecIntegrity <String>
-IkeEncryption <String>
-IkeIntegrity <String>
-DhGroup <String>
-PfsGroup <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The New-AzIpsecPolicy cmdlet creates an IPSec policy proposal to be used in a virtual network gateway connection.
Examples
Example 1
$ipsecPolicy = New-AzIpsecPolicy -SALifeTimeSeconds 1000 -SADataSizeKilobytes 2000 -IpsecEncryption "GCMAES256" -IpsecIntegrity "GCMAES256" -IkeEncryption "AES256" -IkeIntegrity "SHA256" -DhGroup "DHGroup14" -PfsGroup "PFS2048"
New-AzVirtualNetworkGatewayConnection -ResourceGroupName $rgname -name $vnetConnectionName -location $location -VirtualNetworkGateway1 $vnetGateway -LocalNetworkGateway2 $localnetGateway -ConnectionType IPsec -RoutingWeight 3 -SharedKey $sharedKey -UsePolicyBasedTrafficSelectors $true -IpsecPolicies $ipsecPolicy
Creating an IPSec policy to be used for a new virtual network gateway connection.
Parameters
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DhGroup
The DH Groups used in IKE Phase 1 for initial SA
Type: | String |
Accepted values: | None, DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IkeEncryption
The IKE encryption algorithm (IKE Phase 1)
Type: | String |
Accepted values: | DES, DES3, AES128, AES192, AES256 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IkeIntegrity
The IKE integrity algorithm (IKE Phase 1)
Type: | String |
Accepted values: | MD5, SHA1, SHA256, SHA384 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IpsecEncryption
The IPSec encryption algorithm (IKE Phase 2)
Type: | String |
Accepted values: | None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IpsecIntegrity
The IPSec integrity algorithm (IKE Phase 2)
Type: | String |
Accepted values: | MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PfsGroup
The DH Groups used in IKE Phase 2 for new child SA
Type: | String |
Accepted values: | None, PFS1, PFS2, PFS2048, PFS24, ECP256, ECP384 |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SADataSizeKilobytes
The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SALifeTimeSeconds
The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
Outputs
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultezEnvoyer et afficher des commentaires pour