Microsoft.Network/virtualNetworkGateways template reference

API Version: 2018-07-01

Template format

To create a Microsoft.Network/virtualNetworkGateways resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/virtualNetworkGateways",
  "apiVersion": "2018-07-01",
  "location": "string",
  "tags": {},
  "properties": {
    "ipConfigurations": [
      {
        "id": "string",
        "properties": {
          "privateIPAllocationMethod": "string",
          "subnet": {
            "id": "string"
          },
          "publicIPAddress": {
            "id": "string"
          }
        },
        "name": "string"
      }
    ],
    "gatewayType": "string",
    "vpnType": "string",
    "enableBgp": boolean,
    "activeActive": boolean,
    "gatewayDefaultSite": {
      "id": "string"
    },
    "sku": {
      "name": "string",
      "tier": "string",
      "capacity": "integer"
    },
    "vpnClientConfiguration": {
      "vpnClientAddressPool": {
        "addressPrefixes": [
          "string"
        ]
      },
      "vpnClientRootCertificates": [
        {
          "id": "string",
          "properties": {
            "publicCertData": "string"
          },
          "name": "string"
        }
      ],
      "vpnClientRevokedCertificates": [
        {
          "id": "string",
          "properties": {
            "thumbprint": "string"
          },
          "name": "string"
        }
      ],
      "vpnClientProtocols": [
        "string"
      ],
      "vpnClientIpsecPolicies": [
        {
          "saLifeTimeSeconds": "integer",
          "saDataSizeKilobytes": "integer",
          "ipsecEncryption": "string",
          "ipsecIntegrity": "string",
          "ikeEncryption": "string",
          "ikeIntegrity": "string",
          "dhGroup": "string",
          "pfsGroup": "string"
        }
      ],
      "radiusServerAddress": "string",
      "radiusServerSecret": "string"
    },
    "bgpSettings": {
      "asn": "integer",
      "bgpPeeringAddress": "string",
      "peerWeight": "integer"
    },
    "resourceGuid": "string"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/virtualNetworkGateways object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | |
| type | enum | Yes | Microsoft.Network/virtualNetworkGateways |
| apiVersion | enum | Yes | 2018-07-01 |
| location | string | No | Resource location. |
| tags | object | No | Resource tags. |
| properties | object | Yes | Properties of the virtual network gateway. - VirtualNetworkGatewayPropertiesFormat object |

VirtualNetworkGatewayPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| ipConfigurations | array | No | IP configurations for virtual network gateway. - VirtualNetworkGatewayIPConfiguration object |
| gatewayType | enum | No | The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'. - Vpn or ExpressRoute |
| vpnType | enum | No | The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'. - PolicyBased or RouteBased |
| enableBgp | boolean | No | Whether BGP is enabled for this virtual network gateway or not. |
| activeActive | boolean | No | ActiveActive flag |
| gatewayDefaultSite | object | No | The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. - SubResource object |
| sku | object | No | The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. - VirtualNetworkGatewaySku object |
| vpnClientConfiguration | object | No | The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations. - VpnClientConfiguration object |
| bgpSettings | object | No | Virtual network gateway's BGP speaker settings. - BgpSettings object |
| resourceGuid | string | No | The resource GUID property of the VirtualNetworkGateway resource. |

VirtualNetworkGatewayIPConfiguration object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | No | Properties of the virtual network gateway ip configuration. - VirtualNetworkGatewayIPConfigurationPropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

SubResource object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |

VirtualNetworkGatewaySku object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | enum | No | Gateway SKU name. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ |
| tier | enum | No | Gateway SKU tier. - Basic, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, ErGw1AZ, ErGw2AZ, ErGw3AZ |
| capacity | integer | No | The capacity. |

VpnClientConfiguration object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| vpnClientAddressPool | object | No | The reference of the address space resource which represents Address space for P2S VpnClient. - AddressSpace object |
| vpnClientRootCertificates | array | No | VpnClientRootCertificate for virtual network gateway. - VpnClientRootCertificate object |
| vpnClientRevokedCertificates | array | No | VpnClientRevokedCertificate for Virtual network gateway. - VpnClientRevokedCertificate object |
| vpnClientProtocols | array | No | VpnClientProtocols for Virtual network gateway. - IkeV2, SSTP, OpenVPN |
| vpnClientIpsecPolicies | array | No | VpnClientIpsecPolicies for virtual network gateway P2S client. - IpsecPolicy object |
| radiusServerAddress | string | No | The radius server address property of the VirtualNetworkGateway resource for vpn client connection. |
| radiusServerSecret | string | No | The radius secret property of the VirtualNetworkGateway resource for vpn client connection. |

BgpSettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| asn | integer | No | The BGP speaker's ASN. |
| bgpPeeringAddress | string | No | The BGP peering address and BGP identifier of this BGP speaker. |
| peerWeight | integer | No | The weight added to routes learned from this BGP speaker. |

VirtualNetworkGatewayIPConfigurationPropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| privateIPAllocationMethod | enum | No | The private IP allocation method. Possible values are: 'Static' and 'Dynamic'. - Static or Dynamic |
| subnet | object | No | The reference of the subnet resource. - SubResource object |
| publicIPAddress | object | No | The reference of the public IP resource. - SubResource object |

AddressSpace object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| addressPrefixes | array | No | A list of address blocks reserved for this virtual network in CIDR notation. - string |

VpnClientRootCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | Yes | Properties of the vpn client root certificate. - VpnClientRootCertificatePropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

VpnClientRevokedCertificate object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| id | string | No | Resource ID. |
| properties | object | No | Properties of the vpn client revoked certificate. - VpnClientRevokedCertificatePropertiesFormat object |
| name | string | No | The name of the resource that is unique within a resource group. This name can be used to access the resource. |

IpsecPolicy object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| saLifeTimeSeconds | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. |
| saDataSizeKilobytes | integer | Yes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. |
| ipsecEncryption | enum | Yes | The IPSec encryption algorithm (IKE phase 1). - None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256 |
| ipsecIntegrity | enum | Yes | The IPSec integrity algorithm (IKE phase 1). - MD5, SHA1, SHA256, GCMAES128, GCMAES192, GCMAES256 |
| ikeEncryption | enum | Yes | The IKE encryption algorithm (IKE phase 2). - DES, DES3, AES128, AES192, AES256, GCMAES256, GCMAES128 |
| ikeIntegrity | enum | Yes | The IKE integrity algorithm (IKE phase 2). - MD5, SHA1, SHA256, SHA384, GCMAES256, GCMAES128 |
| dhGroup | enum | Yes | The DH Groups used in IKE Phase 1 for initial SA. - None, DHGroup1, DHGroup2, DHGroup14, DHGroup2048, ECP256, ECP384, DHGroup24 |
| pfsGroup | enum | Yes | The Pfs Groups used in IKE Phase 2 for new child SA. - None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFS24, PFS14, PFSMM |
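
The IpsecPolicy enums above include legacy algorithms, and radiusServerSecret is a plain string property, so a template can be checked for both before deployment. The Python linter below is an added example, not part of this reference or of Microsoft's tooling; the rejected-value sets are this example's assumed review policy, and the sample template (including the name gw-example and the secret string) is constructed.

```python
import json

GATEWAY_TYPE = "Microsoft.Network/virtualNetworkGateways"
# Assumed review policy for this example (not from the page): values to reject.
WEAK = {
    "ipsecEncryption": {"None", "DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"},
    "ikeEncryption": {"DES", "DES3"},
    "ikeIntegrity": {"MD5", "SHA1"},
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}
# Constructed sample template; every value is illustrative.
SAMPLE = json.dumps({"resources": [{
    "type": GATEWAY_TYPE, "apiVersion": "2018-07-01", "name": "gw-example",
    "properties": {"vpnClientConfiguration": {
        "vpnClientIpsecPolicies": [{
            "saLifeTimeSeconds": 27000, "saDataSizeKilobytes": 102400000,
            "ipsecEncryption": "DES3", "ipsecIntegrity": "SHA256",
            "ikeEncryption": "AES256", "ikeIntegrity": "SHA384",
            "dhGroup": "DHGroup2", "pfsGroup": "None"}],
        "radiusServerAddress": "10.0.0.10",
        "radiusServerSecret": "example-secret"}}}]})


def is_template_expression(value):
    """ARM expressions are strings wrapped in [ ]; a leading '[[' is a literal."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def lint_template(text):
    """Return (path, message) findings for each gateway resource in the JSON text."""
    findings = []
    for res in json.loads(text).get("resources", []):
        if res.get("type") != GATEWAY_TYPE:
            continue
        client = (res.get("properties") or {}).get("vpnClientConfiguration") or {}
        base = f"{res.get('name')}.properties.vpnClientConfiguration"
        for i, policy in enumerate(client.get("vpnClientIpsecPolicies") or []):
            for field, weak in WEAK.items():
                if isinstance(policy.get(field), str) and policy[field] in weak:
                    findings.append((f"{base}.vpnClientIpsecPolicies[{i}].{field}",
                                     f"weak value {policy[field]!r}"))
        secret = client.get("radiusServerSecret")
        if secret and not is_template_expression(secret):
            findings.append((f"{base}.radiusServerSecret",
                             "literal secret; supply it through a parameter"))
    return findings
```

Calling `lint_template(SAMPLE)` reports the DES3, DHGroup2 and PFS None settings plus the literal RADIUS secret; a value such as `[parameters('radiusSecret')]` (a hypothetical parameter name) passes the secret check.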

VpnClientRootCertificatePropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| publicCertData | string | Yes | The certificate public data. |

VpnClientRevokedCertificatePropertiesFormat object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| thumbprint | string | No | The revoked VPN client certificate thumbprint. |

Quickstart templates

For example templates, see Network templates.