New-AzVirtualNetworkGatewayConnection

Creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device.

Syntax

SetByResource (Default)

New-AzVirtualNetworkGatewayConnection
 -Name <String>
 -ResourceGroupName <String>
 -Location <String>
 -VirtualNetworkGateway1 <PSVirtualNetworkGateway>
 -ConnectionType <String>
 [-AuthorizationKey <String>]
 [-VirtualNetworkGateway2 <PSVirtualNetworkGateway>]
 [-LocalNetworkGateway2 <PSLocalNetworkGateway>]
 [-RoutingWeight <Int32>]
 [-DpdTimeoutInSeconds <Int32>]
 [-ConnectionMode <String>]
 [-SharedKey <String>]
 [-Peer <PSPeering>]
 [-EnableBgp <Boolean>]
 [-UseLocalAzureIpAddress]
 [-Tag <Hashtable>]
 [-Force]
 [-UsePolicyBasedTrafficSelectors <Boolean>]
 [-IpsecPolicies <PSIpsecPolicy[]>]
 [-TrafficSelectorPolicy <PSTrafficSelectorPolicy[]>]
 [-ConnectionProtocol <String>]
 [-IngressNatRule <PSResourceId[]>]
 [-EgressNatRule <PSResourceId[]>]
 [-GatewayCustomBgpIpAddress <PSGatewayCustomBgpIpConfiguration[]>]
 [-AuthenticationType <String>]
 [-CertificateAuthentication <PSCertificateAuthentication>]
 [-AsJob]
 [-ExpressRouteGatewayBypass]
 [-EnablePrivateLinkFastPath]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

SetByResourceId

New-AzVirtualNetworkGatewayConnection
 -Name <String>
 -ResourceGroupName <String>
 -Location <String>
 -VirtualNetworkGateway1 <PSVirtualNetworkGateway>
 -ConnectionType <String>
 [-AuthorizationKey <String>]
 [-VirtualNetworkGateway2 <PSVirtualNetworkGateway>]
 [-LocalNetworkGateway2 <PSLocalNetworkGateway>]
 [-RoutingWeight <Int32>]
 [-DpdTimeoutInSeconds <Int32>]
 [-ConnectionMode <String>]
 [-SharedKey <String>]
 [-PeerId <String>]
 [-EnableBgp <Boolean>]
 [-UseLocalAzureIpAddress]
 [-Tag <Hashtable>]
 [-Force]
 [-UsePolicyBasedTrafficSelectors <Boolean>]
 [-IpsecPolicies <PSIpsecPolicy[]>]
 [-TrafficSelectorPolicy <PSTrafficSelectorPolicy[]>]
 [-ConnectionProtocol <String>]
 [-IngressNatRule <PSResourceId[]>]
 [-EgressNatRule <PSResourceId[]>]
 [-GatewayCustomBgpIpAddress <PSGatewayCustomBgpIpConfiguration[]>]
 [-AuthenticationType <String>]
 [-CertificateAuthentication <PSCertificateAuthentication>]
 [-AsJob]
 [-ExpressRouteGatewayBypass]
 [-EnablePrivateLinkFastPath]
 [-DefaultProfile <IAzureContextContainer>]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Description

Creates the Site-to-Site VPN connection between the virtual network gateway and the on-prem VPN device.

Examples

Example 1

$vnetgw1 = Get-AzVirtualNetworkGateway -ResourceGroupName "Rg1" -Name "gw1"
$vnetgw2 = Get-AzVirtualNetworkGateway -ResourceGroupName "Rg1" -Name "gw2"
New-AzVirtualNetworkGatewayConnection -Name conn-client-1 -ResourceGroupName "Rg1" -VirtualNetworkGateway1 $vnetgw1 -VirtualNetworkGateway2 $vnetgw2 -Location "eastus" -ConnectionType Vnet2Vnet -SharedKey 'a1b2c3d4e5'

Example 2: Add/Update IngressNatRule/EgressNatRule to an existing virtual network gateway connection

$vnetgw1 = Get-AzVirtualNetworkGateway -ResourceGroupName "Rg1" -Name "vnetgw1"
$vnetgw2 = Get-AzVirtualNetworkGateway -ResourceGroupName "Rg1" -Name "vnetgw2"
$ingressnatrule = Get-AzVirtualNetworkGatewayNatRule -ResourceGroupName "Rg1" -Name "natRule1" -ParentResourceName vnetgw1
$egressnatrule = Get-AzVirtualNetworkGatewayNatRule -ResourceGroupName "Rg1" -Name "natRule2" -ParentResourceName vnetgw1
New-AzVirtualNetworkGatewayConnection -Name conn-client-1 -ResourceGroupName "Rg1" -VirtualNetworkGateway1 $vnetgw1 -VirtualNetworkGateway2 $vnetgw2 -Location "eastus" -ConnectionType Vnet2Vnet -SharedKey 'a1b2c3d4e5' `
-IngressNatRule $ingressnatrule -EgressNatRule $egressnatrule

The first two commands get the virtual network gateways. The third command gets the virtual network gateway NAT rule named natRule1, whose type is IngressSnat. The fourth command gets the virtual network gateway NAT rule named natRule2, whose type is EgressSnat. The final command creates the new virtual network gateway connection with the ingress and egress NAT rules.

Example 3: Add GatewayCustomBgpIpAddress to virtual network gateway connection

$LocalnetGateway = Get-AzLocalNetworkGateway -ResourceGroupName "PS_testing" -name "testLng"
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName PS_testing -ResourceName testGw
$address = New-AzGatewayCustomBgpIpConfigurationObject -IpConfigurationId "/subscriptions/83704d68-d560-4c67-b1c7-12404db89dc3/resourceGroups/PS_testing/providers/Microsoft.Network/virtualNetworkGateways/testGw/ipConfigurations/default" -CustomBgpIpAddress "169.254.21.1"

New-AzVirtualNetworkGatewayConnection -ResourceGroupName "PS_testing" -name "Conn" -location "eastus" -VirtualNetworkGateway1 $gateway -LocalNetworkGateway2 $localnetGateway -ConnectionType IPsec -RoutingWeight 3 -SharedKey abc -GatewayCustomBgpIpAddress $address -EnableBgp $true

The first two commands get a local network gateway and a virtual network gateway. The third command creates an AzGatewayCustomBgpIpConfigurationObject. The fourth command creates the new virtual network gateway connection with GatewayCustomBgpIpAddress.

Example 4: Create a new virtual network gateway connection with certificate-based authentication

$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName "myResourceGroup" -Name "myVnetGateway"
$localGateway = Get-AzLocalNetworkGateway -ResourceGroupName "myResourceGroup" -Name "myLocalGateway"

# Create certificate chain array with base64-encoded certificates (without BEGIN/END CERTIFICATE headers)
$certChain = @(
 "MIIDfzCCAmegAwIBAgIQIFxjNWTuGjYGa8zJVnpfnDANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DZXJ0QmFzZWRBdXRoMB4XDTI0MTIxODA1MjkzOVoXDTI1MTIxODA2MDk...",
 "MIIDezCCAmOgAwIBAgIQQIpJdJF8D8JwkqF6fJ6zGDANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DZXJ0QmFzZWRBdXRoMB4XDTI0MTIxODA1MjkzOVoXDTI1MTIxODA2MDk..."
)

$certAuth = New-AzVirtualNetworkGatewayCertificateAuthentication `
 -OutboundAuthCertificate "https://myvault.vault.azure.net/certificates/mycert/abc123" `
 -InboundAuthCertificateSubjectName "MyCertSubject" `
 -InboundAuthCertificateChain $certChain

New-AzVirtualNetworkGatewayConnection -Name "myCertConnection" -ResourceGroupName "myResourceGroup" -Location "eastus" `
 -VirtualNetworkGateway1 $gateway -LocalNetworkGateway2 $localGateway -ConnectionType IPsec `
 -AuthenticationType "Certificate" -CertificateAuthentication $certAuth

This example creates a new virtual network gateway connection with certificate-based authentication. The first two commands get the virtual network gateway and local network gateway. The New-AzVirtualNetworkGatewayCertificateAuthentication cmdlet creates the certificate authentication configuration with the Key Vault certificate URL for outbound authentication, the certificate subject name for inbound authentication, and the certificate chain. The final command creates the new connection with certificate-based authentication instead of a pre-shared key.
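Where a connection keeps pre-shared-key authentication, as in Examples 1 to 3, the key does not have to be a typed literal. The following is an added example, not part of the original reference: it generates the key from a CSPRNG, pins the IKE and IPsec algorithms with -IpsecPolicies, and forces IKEv2. The resource names reuse the placeholders from Example 3; the vault name "myvault" and secret name "conn-psk" are assumptions.

```powershell
# Added example, not from the original reference page.
# Resource names reuse the placeholders from Example 3; "myvault" and the
# secret name "conn-psk" are assumptions for illustration.
$gateway      = Get-AzVirtualNetworkGateway -ResourceGroupName "PS_testing" -ResourceName "testGw"
$localGateway = Get-AzLocalNetworkGateway -ResourceGroupName "PS_testing" -Name "testLng"

# Draw 32 bytes from the OS CSPRNG and hex-encode them, giving a
# 64-character key made only of printable ASCII characters.
$bytes = [byte[]]::new(32)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$sharedKey = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Keep the key in Key Vault for the on-premises administrator rather than in
# a script, ticket or shell history.
$secret = ConvertTo-SecureString -String $sharedKey -AsPlainText -Force
Set-AzKeyVaultSecret -VaultName "myvault" -Name "conn-psk" -SecretValue $secret | Out-Null

# Pin the IKE (phase 1) and IPsec (phase 2) algorithms. The on-premises device
# must be configured with the same values or the tunnel will not establish.
$ipsecPolicy = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup ECP384 `
    -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup ECP384 `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

$connection = @{
    Name                   = "Conn"
    ResourceGroupName      = "PS_testing"
    Location               = "eastus"
    VirtualNetworkGateway1 = $gateway
    LocalNetworkGateway2   = $localGateway
    ConnectionType         = "IPsec"
    ConnectionProtocol     = "IKEv2"
    SharedKey              = $sharedKey
    IpsecPolicies          = $ipsecPolicy
}

# Preview the change, then create the connection.
New-AzVirtualNetworkGatewayConnection @connection -WhatIf
New-AzVirtualNetworkGatewayConnection @connection

# Drop the plaintext key from the session once the connection exists.
Remove-Variable sharedKey, bytes
```

Because -SharedKey is typed as String, the key is necessarily plaintext in the session while the cmdlet runs; the Key Vault copy is what the peer administrator should read from.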

Parameters

-AsJob

Run cmdlet in the background

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

-AuthenticationType

Gateway connection authentication type.

Parameter properties

Type:String
Default value:None
Accepted values:PSK, Certificate
Supports wildcards:False
DontShow:False

-AuthorizationKey

AuthorizationKey.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-CertificateAuthentication

Certificate Authentication information for certificate based authentication connection.

Parameter properties

Type:PSCertificateAuthentication
Default value:None
Supports wildcards:False
DontShow:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:cf

-ConnectionMode

Virtual Network Gateway Connection Mode.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-ConnectionProtocol

Gateway connection protocol: IKEv1/IKEv2

Parameter properties

Type:String
Default value:None
Accepted values:IKEv1, IKEv2
Supports wildcards:False
DontShow:False

-ConnectionType

Gateway connection type: IPsec/Vnet2Vnet/ExpressRoute/VPNClient

Parameter properties

Type:String
Default value:None
Accepted values:IPsec, Vnet2Vnet, ExpressRoute, VPNClient
Supports wildcards:False
DontShow:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

-DpdTimeoutInSeconds

Dead Peer Detection Timeout of the connection in seconds.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

-EgressNatRule

The list of egress NAT rules that are associated with this Connection.

Parameter properties

Type:PSResourceId[]
Default value:None
Supports wildcards:False
DontShow:False

-EnableBgp

Whether to establish a BGP session over an S2S VPN tunnel

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

-EnablePrivateLinkFastPath

Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (ExpressRouteGatewayBypass) must be enabled.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

-ExpressRouteGatewayBypass

Whether to use accelerated virtual network access by bypassing the gateway

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

-Force

Do not ask for confirmation if you want to overwrite a resource

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

-GatewayCustomBgpIpAddress

The GatewayCustomBgpIpAddress of Virtual network gateway used in this connection.

Parameter properties

Type:PSGatewayCustomBgpIpConfiguration[]
Default value:None
Supports wildcards:False
DontShow:False

-IngressNatRule

The list of ingress NAT rules that are associated with this Connection.

Parameter properties

Type:PSResourceId[]
Default value:None
Supports wildcards:False
DontShow:False

-IpsecPolicies

A list of IPsec policies.

Parameter properties

Type:PSIpsecPolicy[]
Default value:None
Supports wildcards:False
DontShow:False

-LocalNetworkGateway2

Local network gateway.

Parameter properties

Type:PSLocalNetworkGateway
Default value:None
Supports wildcards:False
DontShow:False

-Location

Location.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-Name

The resource name.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ResourceName

-Peer

Peer

Parameter properties

Type:PSPeering
Default value:None
Supports wildcards:False
DontShow:False

-PeerId

PeerId

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-ResourceGroupName

The resource group name.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-RoutingWeight

RoutingWeight.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

-SharedKey

The IPsec shared key.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

-Tag

A hashtable which represents resource tags.

Parameter properties

Type:Hashtable
Default value:None
Supports wildcards:False
DontShow:False

-TrafficSelectorPolicy

A list of traffic selector policies.

Parameter properties

Type:PSTrafficSelectorPolicy[]
Default value:None
Supports wildcards:False
DontShow:False

-UseLocalAzureIpAddress

Whether to use PrivateIP for this S2S VPN tunnel

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

-UsePolicyBasedTrafficSelectors

Whether to use policy-based traffic selectors for an S2S connection

Parameter properties

Type:Boolean
Default value:None
Supports wildcards:False
DontShow:False

-VirtualNetworkGateway1

First virtual network gateway.

Parameter properties

Type:PSVirtualNetworkGateway
Default value:None
Supports wildcards:False
DontShow:False

-VirtualNetworkGateway2

Second virtual network gateway.

Parameter properties

Type:PSVirtualNetworkGateway
Default value:None
Supports wildcards:False
DontShow:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:wi

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

PSVirtualNetworkGateway

PSLocalNetworkGateway

Int32

PSPeering

Boolean

SwitchParameter

Hashtable

PSIpsecPolicy

PSTrafficSelectorPolicy

PSGatewayCustomBgpIpConfiguration

Outputs

PSVirtualNetworkGatewayConnection
