1. Packages
  2. Azure Classic
  3. API Docs
  4. network
  5. VirtualNetworkGateway

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

azure.network.VirtualNetworkGateway

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

    Manages a Virtual Network Gateway to establish secure, cross-premises connectivity.

    Note: Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "test",
        location: "West Europe",
    });
    const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        addressSpaces: ["10.0.0.0/16"],
    });
    const exampleSubnet = new azure.network.Subnet("example", {
        name: "GatewaySubnet",
        resourceGroupName: example.name,
        virtualNetworkName: exampleVirtualNetwork.name,
        addressPrefixes: ["10.0.1.0/24"],
    });
    const examplePublicIp = new azure.network.PublicIp("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        allocationMethod: "Dynamic",
    });
    const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        type: "Vpn",
        vpnType: "RouteBased",
        activeActive: false,
        enableBgp: false,
        sku: "Basic",
        ipConfigurations: [{
            name: "vnetGatewayConfig",
            publicIpAddressId: examplePublicIp.id,
            privateIpAddressAllocation: "Dynamic",
            subnetId: exampleSubnet.id,
        }],
        vpnClientConfiguration: {
            addressSpaces: ["10.2.0.0/24"],
            rootCertificates: [{
                name: "DigiCert-Federated-ID-Root-CA",
                publicCertData: `MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
    Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
    BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
    Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
    QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
    zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
    GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
    GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
    Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
    DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
    HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
    jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
    9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
    QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
    uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
    WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
    M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
    `,
            }],
            revokedCertificates: [{
                name: "Verizon-Global-Root-CA",
                thumbprint: "912198EEF23DCAC40939312FEE97DD560BAE49B1",
            }],
        },
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="test",
        location="West Europe")
    example_virtual_network = azure.network.VirtualNetwork("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        address_spaces=["10.0.0.0/16"])
    example_subnet = azure.network.Subnet("example",
        name="GatewaySubnet",
        resource_group_name=example.name,
        virtual_network_name=example_virtual_network.name,
        address_prefixes=["10.0.1.0/24"])
    example_public_ip = azure.network.PublicIp("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        allocation_method="Dynamic")
    example_virtual_network_gateway = azure.network.VirtualNetworkGateway("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        type="Vpn",
        vpn_type="RouteBased",
        active_active=False,
        enable_bgp=False,
        sku="Basic",
        ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
            name="vnetGatewayConfig",
            public_ip_address_id=example_public_ip.id,
            private_ip_address_allocation="Dynamic",
            subnet_id=example_subnet.id,
        )],
        vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
            address_spaces=["10.2.0.0/24"],
            root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
                name="DigiCert-Federated-ID-Root-CA",
                public_cert_data="""MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
    Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
    BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
    Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
    QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
    zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
    GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
    GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
    Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
    DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
    HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
    jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
    9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
    QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
    uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
    WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
    M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
    """,
            )],
            revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
                name="Verizon-Global-Root-CA",
                thumbprint="912198EEF23DCAC40939312FEE97DD560BAE49B1",
            )],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("test"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.0.0.0/16"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
    			Name:               pulumi.String("GatewaySubnet"),
    			ResourceGroupName:  example.Name,
    			VirtualNetworkName: exampleVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			AllocationMethod:  pulumi.String("Dynamic"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewVirtualNetworkGateway(ctx, "example", &network.VirtualNetworkGatewayArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Type:              pulumi.String("Vpn"),
    			VpnType:           pulumi.String("RouteBased"),
    			ActiveActive:      pulumi.Bool(false),
    			EnableBgp:         pulumi.Bool(false),
    			Sku:               pulumi.String("Basic"),
    			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
    				&network.VirtualNetworkGatewayIpConfigurationArgs{
    					Name:                       pulumi.String("vnetGatewayConfig"),
    					PublicIpAddressId:          examplePublicIp.ID(),
    					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
    					SubnetId:                   exampleSubnet.ID(),
    				},
    			},
    			VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
    				AddressSpaces: pulumi.StringArray{
    					pulumi.String("10.2.0.0/24"),
    				},
    				RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
    					&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
    						Name: pulumi.String("DigiCert-Federated-ID-Root-CA"),
    						PublicCertData: pulumi.String(`MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
    Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
    BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
    Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
    QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
    zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
    GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
    GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
    Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
    DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
    HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
    jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
    9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
    QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
    uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
    WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
    M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
    `),
    					},
    				},
    				RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
    					&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
    						Name:       pulumi.String("Verizon-Global-Root-CA"),
    						Thumbprint: pulumi.String("912198EEF23DCAC40939312FEE97DD560BAE49B1"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "test",
            Location = "West Europe",
        });
    
        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            AddressSpaces = new[]
            {
                "10.0.0.0/16",
            },
        });
    
        var exampleSubnet = new Azure.Network.Subnet("example", new()
        {
            Name = "GatewaySubnet",
            ResourceGroupName = example.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.1.0/24",
            },
        });
    
        var examplePublicIp = new Azure.Network.PublicIp("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            AllocationMethod = "Dynamic",
        });
    
        var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            ActiveActive = false,
            EnableBgp = false,
            Sku = "Basic",
            IpConfigurations = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    Name = "vnetGatewayConfig",
                    PublicIpAddressId = examplePublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = exampleSubnet.Id,
                },
            },
            VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
            {
                AddressSpaces = new[]
                {
                    "10.2.0.0/24",
                },
                RootCertificates = new[]
                {
                    new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
                    {
                        Name = "DigiCert-Federated-ID-Root-CA",
                        PublicCertData = @"MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
    Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
    BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
    Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
    QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
    zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
    GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
    GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
    Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
    DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
    HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
    jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
    9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
    QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
    uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
    WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
    M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
    ",
                    },
                },
                RevokedCertificates = new[]
                {
                    new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
                    {
                        Name = "Verizon-Global-Root-CA",
                        Thumbprint = "912198EEF23DCAC40939312FEE97DD560BAE49B1",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.VirtualNetwork;
    import com.pulumi.azure.network.VirtualNetworkArgs;
    import com.pulumi.azure.network.Subnet;
    import com.pulumi.azure.network.SubnetArgs;
    import com.pulumi.azure.network.PublicIp;
    import com.pulumi.azure.network.PublicIpArgs;
    import com.pulumi.azure.network.VirtualNetworkGateway;
    import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
    import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
    import com.pulumi.azure.network.inputs.VirtualNetworkGatewayVpnClientConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("test")
                .location("West Europe")
                .build());
    
            var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .addressSpaces("10.0.0.0/16")
                .build());
    
            var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
                .name("GatewaySubnet")
                .resourceGroupName(example.name())
                .virtualNetworkName(exampleVirtualNetwork.name())
                .addressPrefixes("10.0.1.0/24")
                .build());
    
            var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .allocationMethod("Dynamic")
                .build());
    
            var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .type("Vpn")
                .vpnType("RouteBased")
                .activeActive(false)
                .enableBgp(false)
                .sku("Basic")
                .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                    .name("vnetGatewayConfig")
                    .publicIpAddressId(examplePublicIp.id())
                    .privateIpAddressAllocation("Dynamic")
                    .subnetId(exampleSubnet.id())
                    .build())
                .vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
                    .addressSpaces("10.2.0.0/24")
                    .rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
                        .name("DigiCert-Federated-ID-Root-CA")
                        .publicCertData("""
    MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
    MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
    d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
    Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
    BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
    Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
    QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
    zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
    GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
    GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
    Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
    DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
    HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
    jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
    9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
    QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
    uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
    WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
    M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
                        """)
                        .build())
                    .revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
                        .name("Verizon-Global-Root-CA")
                        .thumbprint("912198EEF23DCAC40939312FEE97DD560BAE49B1")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: test
          location: West Europe
      exampleVirtualNetwork:
        type: azure:network:VirtualNetwork
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          addressSpaces:
            - 10.0.0.0/16
      exampleSubnet:
        type: azure:network:Subnet
        name: example
        properties:
          name: GatewaySubnet
          resourceGroupName: ${example.name}
          virtualNetworkName: ${exampleVirtualNetwork.name}
          addressPrefixes:
            - 10.0.1.0/24
      examplePublicIp:
        type: azure:network:PublicIp
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          allocationMethod: Dynamic
      exampleVirtualNetworkGateway:
        type: azure:network:VirtualNetworkGateway
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          type: Vpn
          vpnType: RouteBased
          activeActive: false
          enableBgp: false
          sku: Basic
          ipConfigurations:
            - name: vnetGatewayConfig
              publicIpAddressId: ${examplePublicIp.id}
              privateIpAddressAllocation: Dynamic
              subnetId: ${exampleSubnet.id}
          vpnClientConfiguration:
            addressSpaces:
              - 10.2.0.0/24
            rootCertificates:
              - name: DigiCert-Federated-ID-Root-CA
                publicCertData: |
                  MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
                  MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
                  d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
                  Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
                  BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
                  Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
                  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
                  QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
                  zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
                  GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
                  GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
                  Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
                  DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
                  HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
                  jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
                  9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
                  QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
                  uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
                  WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
                  M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=              
            revokedCertificates:
              - name: Verizon-Global-Root-CA
                thumbprint: 912198EEF23DCAC40939312FEE97DD560BAE49B1
    

    Create VirtualNetworkGateway Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new VirtualNetworkGateway(name: string, args: VirtualNetworkGatewayArgs, opts?: CustomResourceOptions);
    @overload
    def VirtualNetworkGateway(resource_name: str,
                              args: VirtualNetworkGatewayArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def VirtualNetworkGateway(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
                              type: Optional[str] = None,
                              sku: Optional[str] = None,
                              resource_group_name: Optional[str] = None,
                              ip_sec_replay_protection_enabled: Optional[bool] = None,
                              policy_groups: Optional[Sequence[VirtualNetworkGatewayPolicyGroupArgs]] = None,
                              edge_zone: Optional[str] = None,
                              enable_bgp: Optional[bool] = None,
                              generation: Optional[str] = None,
                              default_local_network_gateway_id: Optional[str] = None,
                              active_active: Optional[bool] = None,
                              location: Optional[str] = None,
                              name: Optional[str] = None,
                              dns_forwarding_enabled: Optional[bool] = None,
                              private_ip_address_enabled: Optional[bool] = None,
                              remote_vnet_traffic_enabled: Optional[bool] = None,
                              custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
                              bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
                              tags: Optional[Mapping[str, str]] = None,
                              bgp_route_translation_for_nat_enabled: Optional[bool] = None,
                              virtual_wan_traffic_enabled: Optional[bool] = None,
                              vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
                              vpn_type: Optional[str] = None)
    func NewVirtualNetworkGateway(ctx *Context, name string, args VirtualNetworkGatewayArgs, opts ...ResourceOption) (*VirtualNetworkGateway, error)
    public VirtualNetworkGateway(string name, VirtualNetworkGatewayArgs args, CustomResourceOptions? opts = null)
    public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args)
    public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args, CustomResourceOptions options)
    
    type: azure:network:VirtualNetworkGateway
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VirtualNetworkGatewayArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VirtualNetworkGatewayArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VirtualNetworkGatewayArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VirtualNetworkGatewayArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VirtualNetworkGatewayArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var virtualNetworkGatewayResource = new Azure.Network.VirtualNetworkGateway("virtualNetworkGatewayResource", new()
    {
        IpConfigurations = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
            {
                PublicIpAddressId = "string",
                SubnetId = "string",
                Name = "string",
                PrivateIpAddressAllocation = "string",
            },
        },
        Type = "string",
        Sku = "string",
        ResourceGroupName = "string",
        IpSecReplayProtectionEnabled = false,
        PolicyGroups = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayPolicyGroupArgs
            {
                Name = "string",
                PolicyMembers = new[]
                {
                    new Azure.Network.Inputs.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs
                    {
                        Name = "string",
                        Type = "string",
                        Value = "string",
                    },
                },
                IsDefault = false,
                Priority = 0,
            },
        },
        EdgeZone = "string",
        EnableBgp = false,
        Generation = "string",
        DefaultLocalNetworkGatewayId = "string",
        ActiveActive = false,
        Location = "string",
        Name = "string",
        DnsForwardingEnabled = false,
        PrivateIpAddressEnabled = false,
        RemoteVnetTrafficEnabled = false,
        CustomRoute = new Azure.Network.Inputs.VirtualNetworkGatewayCustomRouteArgs
        {
            AddressPrefixes = new[]
            {
                "string",
            },
        },
        BgpSettings = new Azure.Network.Inputs.VirtualNetworkGatewayBgpSettingsArgs
        {
            Asn = 0,
            PeerWeight = 0,
            PeeringAddresses = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs
                {
                    ApipaAddresses = new[]
                    {
                        "string",
                    },
                    DefaultAddresses = new[]
                    {
                        "string",
                    },
                    IpConfigurationName = "string",
                    TunnelIpAddresses = new[]
                    {
                        "string",
                    },
                },
            },
        },
        Tags = 
        {
            { "string", "string" },
        },
        BgpRouteTranslationForNatEnabled = false,
        VirtualWanTrafficEnabled = false,
        VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
        {
            AddressSpaces = new[]
            {
                "string",
            },
            RadiusServerSecret = "string",
            AadTenant = "string",
            AadIssuer = "string",
            IpsecPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs
            {
                DhGroup = "string",
                IkeEncryption = "string",
                IkeIntegrity = "string",
                IpsecEncryption = "string",
                IpsecIntegrity = "string",
                PfsGroup = "string",
                SaDataSizeInKilobytes = 0,
                SaLifetimeInSeconds = 0,
            },
            RadiusServerAddress = "string",
            AadAudience = "string",
            RadiusServers = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs
                {
                    Address = "string",
                    Score = 0,
                    Secret = "string",
                },
            },
            RevokedCertificates = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
                {
                    Name = "string",
                    Thumbprint = "string",
                },
            },
            RootCertificates = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
                {
                    Name = "string",
                    PublicCertData = "string",
                },
            },
            VirtualNetworkGatewayClientConnections = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs
                {
                    AddressPrefixes = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    PolicyGroupNames = new[]
                    {
                        "string",
                    },
                },
            },
            VpnAuthTypes = new[]
            {
                "string",
            },
            VpnClientProtocols = new[]
            {
                "string",
            },
        },
        VpnType = "string",
    });
    
    example, err := network.NewVirtualNetworkGateway(ctx, "virtualNetworkGatewayResource", &network.VirtualNetworkGatewayArgs{
    	IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
    		&network.VirtualNetworkGatewayIpConfigurationArgs{
    			PublicIpAddressId:          pulumi.String("string"),
    			SubnetId:                   pulumi.String("string"),
    			Name:                       pulumi.String("string"),
    			PrivateIpAddressAllocation: pulumi.String("string"),
    		},
    	},
    	Type:                         pulumi.String("string"),
    	Sku:                          pulumi.String("string"),
    	ResourceGroupName:            pulumi.String("string"),
    	IpSecReplayProtectionEnabled: pulumi.Bool(false),
    	PolicyGroups: network.VirtualNetworkGatewayPolicyGroupArray{
    		&network.VirtualNetworkGatewayPolicyGroupArgs{
    			Name: pulumi.String("string"),
    			PolicyMembers: network.VirtualNetworkGatewayPolicyGroupPolicyMemberArray{
    				&network.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs{
    					Name:  pulumi.String("string"),
    					Type:  pulumi.String("string"),
    					Value: pulumi.String("string"),
    				},
    			},
    			IsDefault: pulumi.Bool(false),
    			Priority:  pulumi.Int(0),
    		},
    	},
    	EdgeZone:                     pulumi.String("string"),
    	EnableBgp:                    pulumi.Bool(false),
    	Generation:                   pulumi.String("string"),
    	DefaultLocalNetworkGatewayId: pulumi.String("string"),
    	ActiveActive:                 pulumi.Bool(false),
    	Location:                     pulumi.String("string"),
    	Name:                         pulumi.String("string"),
    	DnsForwardingEnabled:         pulumi.Bool(false),
    	PrivateIpAddressEnabled:      pulumi.Bool(false),
    	RemoteVnetTrafficEnabled:     pulumi.Bool(false),
    	CustomRoute: &network.VirtualNetworkGatewayCustomRouteArgs{
    		AddressPrefixes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	BgpSettings: &network.VirtualNetworkGatewayBgpSettingsArgs{
    		Asn:        pulumi.Int(0),
    		PeerWeight: pulumi.Int(0),
    		PeeringAddresses: network.VirtualNetworkGatewayBgpSettingsPeeringAddressArray{
    			&network.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs{
    				ApipaAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DefaultAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				IpConfigurationName: pulumi.String("string"),
    				TunnelIpAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	BgpRouteTranslationForNatEnabled: pulumi.Bool(false),
    	VirtualWanTrafficEnabled:         pulumi.Bool(false),
    	VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
    		AddressSpaces: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		RadiusServerSecret: pulumi.String("string"),
    		AadTenant:          pulumi.String("string"),
    		AadIssuer:          pulumi.String("string"),
    		IpsecPolicy: &network.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs{
    			DhGroup:               pulumi.String("string"),
    			IkeEncryption:         pulumi.String("string"),
    			IkeIntegrity:          pulumi.String("string"),
    			IpsecEncryption:       pulumi.String("string"),
    			IpsecIntegrity:        pulumi.String("string"),
    			PfsGroup:              pulumi.String("string"),
    			SaDataSizeInKilobytes: pulumi.Int(0),
    			SaLifetimeInSeconds:   pulumi.Int(0),
    		},
    		RadiusServerAddress: pulumi.String("string"),
    		AadAudience:         pulumi.String("string"),
    		RadiusServers: network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArray{
    			&network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs{
    				Address: pulumi.String("string"),
    				Score:   pulumi.Int(0),
    				Secret:  pulumi.String("string"),
    			},
    		},
    		RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
    			&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
    				Name:       pulumi.String("string"),
    				Thumbprint: pulumi.String("string"),
    			},
    		},
    		RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
    			&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
    				Name:           pulumi.String("string"),
    				PublicCertData: pulumi.String("string"),
    			},
    		},
    		VirtualNetworkGatewayClientConnections: network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArray{
    			&network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs{
    				AddressPrefixes: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				Name: pulumi.String("string"),
    				PolicyGroupNames: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    		VpnAuthTypes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		VpnClientProtocols: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	VpnType: pulumi.String("string"),
    })
    
    var virtualNetworkGatewayResource = new VirtualNetworkGateway("virtualNetworkGatewayResource", VirtualNetworkGatewayArgs.builder()
        .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
            .publicIpAddressId("string")
            .subnetId("string")
            .name("string")
            .privateIpAddressAllocation("string")
            .build())
        .type("string")
        .sku("string")
        .resourceGroupName("string")
        .ipSecReplayProtectionEnabled(false)
        .policyGroups(VirtualNetworkGatewayPolicyGroupArgs.builder()
            .name("string")
            .policyMembers(VirtualNetworkGatewayPolicyGroupPolicyMemberArgs.builder()
                .name("string")
                .type("string")
                .value("string")
                .build())
            .isDefault(false)
            .priority(0)
            .build())
        .edgeZone("string")
        .enableBgp(false)
        .generation("string")
        .defaultLocalNetworkGatewayId("string")
        .activeActive(false)
        .location("string")
        .name("string")
        .dnsForwardingEnabled(false)
        .privateIpAddressEnabled(false)
        .remoteVnetTrafficEnabled(false)
        .customRoute(VirtualNetworkGatewayCustomRouteArgs.builder()
            .addressPrefixes("string")
            .build())
        .bgpSettings(VirtualNetworkGatewayBgpSettingsArgs.builder()
            .asn(0)
            .peerWeight(0)
            .peeringAddresses(VirtualNetworkGatewayBgpSettingsPeeringAddressArgs.builder()
                .apipaAddresses("string")
                .defaultAddresses("string")
                .ipConfigurationName("string")
                .tunnelIpAddresses("string")
                .build())
            .build())
        .tags(Map.of("string", "string"))
        .bgpRouteTranslationForNatEnabled(false)
        .virtualWanTrafficEnabled(false)
        .vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
            .addressSpaces("string")
            .radiusServerSecret("string")
            .aadTenant("string")
            .aadIssuer("string")
            .ipsecPolicy(VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs.builder()
                .dhGroup("string")
                .ikeEncryption("string")
                .ikeIntegrity("string")
                .ipsecEncryption("string")
                .ipsecIntegrity("string")
                .pfsGroup("string")
                .saDataSizeInKilobytes(0)
                .saLifetimeInSeconds(0)
                .build())
            .radiusServerAddress("string")
            .aadAudience("string")
            .radiusServers(VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs.builder()
                .address("string")
                .score(0)
                .secret("string")
                .build())
            .revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
                .name("string")
                .thumbprint("string")
                .build())
            .rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
                .name("string")
                .publicCertData("string")
                .build())
            .virtualNetworkGatewayClientConnections(VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs.builder()
                .addressPrefixes("string")
                .name("string")
                .policyGroupNames("string")
                .build())
            .vpnAuthTypes("string")
            .vpnClientProtocols("string")
            .build())
        .vpnType("string")
        .build());
    
    virtual_network_gateway_resource = azure.network.VirtualNetworkGateway("virtualNetworkGatewayResource",
        ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
            public_ip_address_id="string",
            subnet_id="string",
            name="string",
            private_ip_address_allocation="string",
        )],
        type="string",
        sku="string",
        resource_group_name="string",
        ip_sec_replay_protection_enabled=False,
        policy_groups=[azure.network.VirtualNetworkGatewayPolicyGroupArgs(
            name="string",
            policy_members=[azure.network.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs(
                name="string",
                type="string",
                value="string",
            )],
            is_default=False,
            priority=0,
        )],
        edge_zone="string",
        enable_bgp=False,
        generation="string",
        default_local_network_gateway_id="string",
        active_active=False,
        location="string",
        name="string",
        dns_forwarding_enabled=False,
        private_ip_address_enabled=False,
        remote_vnet_traffic_enabled=False,
        custom_route=azure.network.VirtualNetworkGatewayCustomRouteArgs(
            address_prefixes=["string"],
        ),
        bgp_settings=azure.network.VirtualNetworkGatewayBgpSettingsArgs(
            asn=0,
            peer_weight=0,
            peering_addresses=[azure.network.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs(
                apipa_addresses=["string"],
                default_addresses=["string"],
                ip_configuration_name="string",
                tunnel_ip_addresses=["string"],
            )],
        ),
        tags={
            "string": "string",
        },
        bgp_route_translation_for_nat_enabled=False,
        virtual_wan_traffic_enabled=False,
        vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
            address_spaces=["string"],
            radius_server_secret="string",
            aad_tenant="string",
            aad_issuer="string",
            ipsec_policy=azure.network.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs(
                dh_group="string",
                ike_encryption="string",
                ike_integrity="string",
                ipsec_encryption="string",
                ipsec_integrity="string",
                pfs_group="string",
                sa_data_size_in_kilobytes=0,
                sa_lifetime_in_seconds=0,
            ),
            radius_server_address="string",
            aad_audience="string",
            radius_servers=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs(
                address="string",
                score=0,
                secret="string",
            )],
            revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
                name="string",
                thumbprint="string",
            )],
            root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
                name="string",
                public_cert_data="string",
            )],
            virtual_network_gateway_client_connections=[azure.network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs(
                address_prefixes=["string"],
                name="string",
                policy_group_names=["string"],
            )],
            vpn_auth_types=["string"],
            vpn_client_protocols=["string"],
        ),
        vpn_type="string")
    
    const virtualNetworkGatewayResource = new azure.network.VirtualNetworkGateway("virtualNetworkGatewayResource", {
        ipConfigurations: [{
            publicIpAddressId: "string",
            subnetId: "string",
            name: "string",
            privateIpAddressAllocation: "string",
        }],
        type: "string",
        sku: "string",
        resourceGroupName: "string",
        ipSecReplayProtectionEnabled: false,
        policyGroups: [{
            name: "string",
            policyMembers: [{
                name: "string",
                type: "string",
                value: "string",
            }],
            isDefault: false,
            priority: 0,
        }],
        edgeZone: "string",
        enableBgp: false,
        generation: "string",
        defaultLocalNetworkGatewayId: "string",
        activeActive: false,
        location: "string",
        name: "string",
        dnsForwardingEnabled: false,
        privateIpAddressEnabled: false,
        remoteVnetTrafficEnabled: false,
        customRoute: {
            addressPrefixes: ["string"],
        },
        bgpSettings: {
            asn: 0,
            peerWeight: 0,
            peeringAddresses: [{
                apipaAddresses: ["string"],
                defaultAddresses: ["string"],
                ipConfigurationName: "string",
                tunnelIpAddresses: ["string"],
            }],
        },
        tags: {
            string: "string",
        },
        bgpRouteTranslationForNatEnabled: false,
        virtualWanTrafficEnabled: false,
        vpnClientConfiguration: {
            addressSpaces: ["string"],
            radiusServerSecret: "string",
            aadTenant: "string",
            aadIssuer: "string",
            ipsecPolicy: {
                dhGroup: "string",
                ikeEncryption: "string",
                ikeIntegrity: "string",
                ipsecEncryption: "string",
                ipsecIntegrity: "string",
                pfsGroup: "string",
                saDataSizeInKilobytes: 0,
                saLifetimeInSeconds: 0,
            },
            radiusServerAddress: "string",
            aadAudience: "string",
            radiusServers: [{
                address: "string",
                score: 0,
                secret: "string",
            }],
            revokedCertificates: [{
                name: "string",
                thumbprint: "string",
            }],
            rootCertificates: [{
                name: "string",
                publicCertData: "string",
            }],
            virtualNetworkGatewayClientConnections: [{
                addressPrefixes: ["string"],
                name: "string",
                policyGroupNames: ["string"],
            }],
            vpnAuthTypes: ["string"],
            vpnClientProtocols: ["string"],
        },
        vpnType: "string",
    });
    
    type: azure:network:VirtualNetworkGateway
    properties:
        activeActive: false
        bgpRouteTranslationForNatEnabled: false
        bgpSettings:
            asn: 0
            peerWeight: 0
            peeringAddresses:
                - apipaAddresses:
                    - string
                  defaultAddresses:
                    - string
                  ipConfigurationName: string
                  tunnelIpAddresses:
                    - string
        customRoute:
            addressPrefixes:
                - string
        defaultLocalNetworkGatewayId: string
        dnsForwardingEnabled: false
        edgeZone: string
        enableBgp: false
        generation: string
        ipConfigurations:
            - name: string
              privateIpAddressAllocation: string
              publicIpAddressId: string
              subnetId: string
        ipSecReplayProtectionEnabled: false
        location: string
        name: string
        policyGroups:
            - isDefault: false
              name: string
              policyMembers:
                - name: string
                  type: string
                  value: string
              priority: 0
        privateIpAddressEnabled: false
        remoteVnetTrafficEnabled: false
        resourceGroupName: string
        sku: string
        tags:
            string: string
        type: string
        virtualWanTrafficEnabled: false
        vpnClientConfiguration:
            aadAudience: string
            aadIssuer: string
            aadTenant: string
            addressSpaces:
                - string
            ipsecPolicy:
                dhGroup: string
                ikeEncryption: string
                ikeIntegrity: string
                ipsecEncryption: string
                ipsecIntegrity: string
                pfsGroup: string
                saDataSizeInKilobytes: 0
                saLifetimeInSeconds: 0
            radiusServerAddress: string
            radiusServerSecret: string
            radiusServers:
                - address: string
                  score: 0
                  secret: string
            revokedCertificates:
                - name: string
                  thumbprint: string
            rootCertificates:
                - name: string
                  publicCertData: string
            virtualNetworkGatewayClientConnections:
                - addressPrefixes:
                    - string
                  name: string
                  policyGroupNames:
                    - string
            vpnAuthTypes:
                - string
            vpnClientProtocols:
                - string
        vpnType: string
    

    VirtualNetworkGateway Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The VirtualNetworkGateway resource accepts the following input properties:

    IpConfigurations List<VirtualNetworkGatewayIpConfiguration>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ResourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    Sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    Type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    ActiveActive bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    BgpRouteTranslationForNatEnabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    BgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    CustomRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    DefaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    DnsForwardingEnabled bool
    Is DNS forwarding enabled?
    EdgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    Generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    IpSecReplayProtectionEnabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    Location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    Name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    PolicyGroups List<VirtualNetworkGatewayPolicyGroup>
    One or more policy_group blocks as defined below.
    PrivateIpAddressEnabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    RemoteVnetTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    VirtualWanTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    VpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    VpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    IpConfigurations []VirtualNetworkGatewayIpConfigurationArgs
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ResourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    Sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    Type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    ActiveActive bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    BgpRouteTranslationForNatEnabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    BgpSettings VirtualNetworkGatewayBgpSettingsArgs
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    CustomRoute VirtualNetworkGatewayCustomRouteArgs
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    DefaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    DnsForwardingEnabled bool
    Is DNS forwarding enabled?
    EdgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    Generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    IpSecReplayProtectionEnabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    Location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    Name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    PolicyGroups []VirtualNetworkGatewayPolicyGroupArgs
    One or more policy_group blocks as defined below.
    PrivateIpAddressEnabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    RemoteVnetTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    VirtualWanTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    VpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    ipConfigurations List<VirtualNetworkGatewayIpConfiguration>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    resourceGroupName String
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku String

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    type String
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    activeActive Boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled Boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId String
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled Boolean
    Is DNS forwarding enabled?
    edgeZone String
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation String

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipSecReplayProtectionEnabled Boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location String
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name String
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups List<VirtualNetworkGatewayPolicyGroup>
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled Boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    virtualWanTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType String
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    ipConfigurations VirtualNetworkGatewayIpConfiguration[]
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    resourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    activeActive boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled boolean
    Is DNS forwarding enabled?
    edgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipSecReplayProtectionEnabled boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups VirtualNetworkGatewayPolicyGroup[]
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    virtualWanTrafficEnabled boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    ip_configurations Sequence[VirtualNetworkGatewayIpConfigurationArgs]
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    resource_group_name str
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku str

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    type str
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    active_active bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgp_route_translation_for_nat_enabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgp_settings VirtualNetworkGatewayBgpSettingsArgs
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    custom_route VirtualNetworkGatewayCustomRouteArgs
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    default_local_network_gateway_id str
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dns_forwarding_enabled bool
    Is DNS forwarding enabled?
    edge_zone str
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enable_bgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation str

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ip_sec_replay_protection_enabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    location str
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name str
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policy_groups Sequence[VirtualNetworkGatewayPolicyGroupArgs]
    One or more policy_group blocks as defined below.
    private_ip_address_enabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remote_vnet_traffic_enabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    virtual_wan_traffic_enabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpn_client_configuration VirtualNetworkGatewayVpnClientConfigurationArgs
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpn_type str
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    ipConfigurations List<Property Map>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    resourceGroupName String
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku String

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    type String
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    activeActive Boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled Boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings Property Map
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute Property Map
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId String
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled Boolean
    Is DNS forwarding enabled?
    edgeZone String
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation String

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipSecReplayProtectionEnabled Boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location String
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name String
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups List<Property Map>
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled Boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    tags Map<String>
    A mapping of tags to assign to the resource.
    virtualWanTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration Property Map
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType String
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGateway resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing VirtualNetworkGateway Resource

    Get an existing VirtualNetworkGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayState, opts?: CustomResourceOptions): VirtualNetworkGateway
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            active_active: Optional[bool] = None,
            bgp_route_translation_for_nat_enabled: Optional[bool] = None,
            bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
            custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
            default_local_network_gateway_id: Optional[str] = None,
            dns_forwarding_enabled: Optional[bool] = None,
            edge_zone: Optional[str] = None,
            enable_bgp: Optional[bool] = None,
            generation: Optional[str] = None,
            ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
            ip_sec_replay_protection_enabled: Optional[bool] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            policy_groups: Optional[Sequence[VirtualNetworkGatewayPolicyGroupArgs]] = None,
            private_ip_address_enabled: Optional[bool] = None,
            remote_vnet_traffic_enabled: Optional[bool] = None,
            resource_group_name: Optional[str] = None,
            sku: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            type: Optional[str] = None,
            virtual_wan_traffic_enabled: Optional[bool] = None,
            vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
            vpn_type: Optional[str] = None) -> VirtualNetworkGateway
    func GetVirtualNetworkGateway(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayState, opts ...ResourceOption) (*VirtualNetworkGateway, error)
    public static VirtualNetworkGateway Get(string name, Input<string> id, VirtualNetworkGatewayState? state, CustomResourceOptions? opts = null)
    public static VirtualNetworkGateway get(String name, Output<String> id, VirtualNetworkGatewayState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ActiveActive bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    BgpRouteTranslationForNatEnabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    BgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    CustomRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    DefaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    DnsForwardingEnabled bool
    Is DNS forwarding enabled?
    EdgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    Generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    IpConfigurations List<VirtualNetworkGatewayIpConfiguration>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    IpSecReplayProtectionEnabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    Location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    Name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    PolicyGroups List<VirtualNetworkGatewayPolicyGroup>
    One or more policy_group blocks as defined below.
    PrivateIpAddressEnabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    RemoteVnetTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    ResourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    Sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    Type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    VirtualWanTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    VpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    VpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    ActiveActive bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    BgpRouteTranslationForNatEnabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    BgpSettings VirtualNetworkGatewayBgpSettingsArgs
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    CustomRoute VirtualNetworkGatewayCustomRouteArgs
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    DefaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    DnsForwardingEnabled bool
    Is DNS forwarding enabled?
    EdgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    Generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    IpConfigurations []VirtualNetworkGatewayIpConfigurationArgs
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    IpSecReplayProtectionEnabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    Location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    Name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    PolicyGroups []VirtualNetworkGatewayPolicyGroupArgs
    One or more policy_group blocks as defined below.
    PrivateIpAddressEnabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    RemoteVnetTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    ResourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    Sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    Tags map[string]string
    A mapping of tags to assign to the resource.
    Type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    VirtualWanTrafficEnabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    VpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    activeActive Boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled Boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId String
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled Boolean
    Is DNS forwarding enabled?
    edgeZone String
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation String

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipConfigurations List<VirtualNetworkGatewayIpConfiguration>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ipSecReplayProtectionEnabled Boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location String
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name String
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups List<VirtualNetworkGatewayPolicyGroup>
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled Boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku String

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    tags Map<String,String>
    A mapping of tags to assign to the resource.
    type String
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    virtualWanTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType String
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    activeActive boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings VirtualNetworkGatewayBgpSettings
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute VirtualNetworkGatewayCustomRoute
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId string
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled boolean
    Is DNS forwarding enabled?
    edgeZone string
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation string

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipConfigurations VirtualNetworkGatewayIpConfiguration[]
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ipSecReplayProtectionEnabled boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location string
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name string
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups VirtualNetworkGatewayPolicyGroup[]
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    resourceGroupName string
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku string

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    type string
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    virtualWanTrafficEnabled boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType string
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    active_active bool
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgp_route_translation_for_nat_enabled bool
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgp_settings VirtualNetworkGatewayBgpSettingsArgs
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    custom_route VirtualNetworkGatewayCustomRouteArgs
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    default_local_network_gateway_id str
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dns_forwarding_enabled bool
    Is DNS forwarding enabled?
    edge_zone str
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enable_bgp bool
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation str

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ip_configurations Sequence[VirtualNetworkGatewayIpConfigurationArgs]
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ip_sec_replay_protection_enabled bool
    Is IP Sec Replay Protection enabled? Defaults to true.
    location str
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name str
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policy_groups Sequence[VirtualNetworkGatewayPolicyGroupArgs]
    One or more policy_group blocks as defined below.
    private_ip_address_enabled bool
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remote_vnet_traffic_enabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    resource_group_name str
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku str

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    type str
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    virtual_wan_traffic_enabled bool
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpn_client_configuration VirtualNetworkGatewayVpnClientConfigurationArgs
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpn_type str
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.
    activeActive Boolean
    If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.
    bgpRouteTranslationForNatEnabled Boolean
    Is BGP Route Translation for NAT enabled? Defaults to false.
    bgpSettings Property Map
    A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.
    customRoute Property Map
    A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.
    defaultLocalNetworkGatewayId String
    The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
    dnsForwardingEnabled Boolean
    Is DNS forwarding enabled?
    edgeZone String
    Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
    generation String

    The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

    NOTE: The available values depend on the type and sku arguments - where Generation2 is only value for a sku larger than VpnGw2 or VpnGw2AZ.

    ipConfigurations List<Property Map>
    One or more (up to 3) ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.
    ipSecReplayProtectionEnabled Boolean
    Is IP Sec Replay Protection enabled? Defaults to true.
    location String
    The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
    name String
    The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
    policyGroups List<Property Map>
    One or more policy_group blocks as defined below.
    privateIpAddressEnabled Boolean
    Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
    remoteVnetTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
    sku String

    Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

    NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"

    NOTE: Not all SKUs (e.g. ErGw1AZ) are available in all regions. If you see StatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType" please try another region.

    tags Map<String>
    A mapping of tags to assign to the resource.
    type String
    The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
    virtualWanTrafficEnabled Boolean
    Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to false.
    vpnClientConfiguration Property Map
    A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
    vpnType String
    The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

    Supporting Types

    VirtualNetworkGatewayBgpSettings, VirtualNetworkGatewayBgpSettingsArgs

    Asn int
    The Autonomous System Number (ASN) to use as part of the BGP.
    PeerWeight int
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    PeeringAddresses List<VirtualNetworkGatewayBgpSettingsPeeringAddress>
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
    Asn int
    The Autonomous System Number (ASN) to use as part of the BGP.
    PeerWeight int
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    PeeringAddresses []VirtualNetworkGatewayBgpSettingsPeeringAddress
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
    asn Integer
    The Autonomous System Number (ASN) to use as part of the BGP.
    peerWeight Integer
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    peeringAddresses List<VirtualNetworkGatewayBgpSettingsPeeringAddress>
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
    asn number
    The Autonomous System Number (ASN) to use as part of the BGP.
    peerWeight number
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    peeringAddresses VirtualNetworkGatewayBgpSettingsPeeringAddress[]
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
    asn int
    The Autonomous System Number (ASN) to use as part of the BGP.
    peer_weight int
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    peering_addresses Sequence[VirtualNetworkGatewayBgpSettingsPeeringAddress]
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.
    asn Number
    The Autonomous System Number (ASN) to use as part of the BGP.
    peerWeight Number
    The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
    peeringAddresses List<Property Map>
    A list of peering_addresses blocks as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

    VirtualNetworkGatewayBgpSettingsPeeringAddress, VirtualNetworkGatewayBgpSettingsPeeringAddressArgs

    ApipaAddresses List<string>

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    DefaultAddresses List<string>
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    IpConfigurationName string
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    TunnelIpAddresses List<string>
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
    ApipaAddresses []string

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    DefaultAddresses []string
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    IpConfigurationName string
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    TunnelIpAddresses []string
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
    apipaAddresses List<String>

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    defaultAddresses List<String>
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    ipConfigurationName String
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    tunnelIpAddresses List<String>
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
    apipaAddresses string[]

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    defaultAddresses string[]
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    ipConfigurationName string
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    tunnelIpAddresses string[]
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
    apipa_addresses Sequence[str]

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    default_addresses Sequence[str]
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    ip_configuration_name str
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    tunnel_ip_addresses Sequence[str]
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
    apipaAddresses List<String>

    A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

    Note: The valid range for the reserved APIPA address in Azure Public is from 169.254.21.0 to 169.254.22.255.

    defaultAddresses List<String>
    A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
    ipConfigurationName String
    The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.
    tunnelIpAddresses List<String>
    A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

    VirtualNetworkGatewayCustomRoute, VirtualNetworkGatewayCustomRouteArgs

    AddressPrefixes List<string>
    A list of address blocks reserved for this virtual network in CIDR notation.
    AddressPrefixes []string
    A list of address blocks reserved for this virtual network in CIDR notation.
    addressPrefixes List<String>
    A list of address blocks reserved for this virtual network in CIDR notation.
    addressPrefixes string[]
    A list of address blocks reserved for this virtual network in CIDR notation.
    address_prefixes Sequence[str]
    A list of address blocks reserved for this virtual network in CIDR notation.
    addressPrefixes List<String>
    A list of address blocks reserved for this virtual network in CIDR notation.

    VirtualNetworkGatewayIpConfiguration, VirtualNetworkGatewayIpConfigurationArgs

    PublicIpAddressId string
    The ID of the public IP address to associate with the Virtual Network Gateway.
    SubnetId string
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    Name string
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    PrivateIpAddressAllocation string
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.
    PublicIpAddressId string
    The ID of the public IP address to associate with the Virtual Network Gateway.
    SubnetId string
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    Name string
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    PrivateIpAddressAllocation string
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.
    publicIpAddressId String
    The ID of the public IP address to associate with the Virtual Network Gateway.
    subnetId String
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    name String
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    privateIpAddressAllocation String
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.
    publicIpAddressId string
    The ID of the public IP address to associate with the Virtual Network Gateway.
    subnetId string
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    name string
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    privateIpAddressAllocation string
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.
    public_ip_address_id str
    The ID of the public IP address to associate with the Virtual Network Gateway.
    subnet_id str
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    name str
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    private_ip_address_allocation str
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.
    publicIpAddressId String
    The ID of the public IP address to associate with the Virtual Network Gateway.
    subnetId String
    The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
    name String
    A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.
    privateIpAddressAllocation String
    Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is Dynamic for Virtual Network Gateway (Static is not supported by the service yet). Defaults to Dynamic.

    VirtualNetworkGatewayPolicyGroup, VirtualNetworkGatewayPolicyGroupArgs

    Name string
    The name of the Virtual Network Gateway Policy Group.
    PolicyMembers List<VirtualNetworkGatewayPolicyGroupPolicyMember>
    One or more policy_member blocks as defined below.
    IsDefault bool
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    Priority int
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.
    Name string
    The name of the Virtual Network Gateway Policy Group.
    PolicyMembers []VirtualNetworkGatewayPolicyGroupPolicyMember
    One or more policy_member blocks as defined below.
    IsDefault bool
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    Priority int
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.
    name String
    The name of the Virtual Network Gateway Policy Group.
    policyMembers List<VirtualNetworkGatewayPolicyGroupPolicyMember>
    One or more policy_member blocks as defined below.
    isDefault Boolean
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    priority Integer
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.
    name string
    The name of the Virtual Network Gateway Policy Group.
    policyMembers VirtualNetworkGatewayPolicyGroupPolicyMember[]
    One or more policy_member blocks as defined below.
    isDefault boolean
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    priority number
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.
    name str
    The name of the Virtual Network Gateway Policy Group.
    policy_members Sequence[VirtualNetworkGatewayPolicyGroupPolicyMember]
    One or more policy_member blocks as defined below.
    is_default bool
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    priority int
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.
    name String
    The name of the Virtual Network Gateway Policy Group.
    policyMembers List<Property Map>
    One or more policy_member blocks as defined below.
    isDefault Boolean
    Is this a Default Virtual Network Gateway Policy Group? Defaults to false.
    priority Number
    The priority for the Virtual Network Gateway Policy Group. Defaults to 0.

    VirtualNetworkGatewayPolicyGroupPolicyMember, VirtualNetworkGatewayPolicyGroupPolicyMemberArgs

    Name string
    The name of the Virtual Network Gateway Policy Group Member.
    Type string
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    Value string
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.
    Name string
    The name of the Virtual Network Gateway Policy Group Member.
    Type string
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    Value string
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.
    name String
    The name of the Virtual Network Gateway Policy Group Member.
    type String
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    value String
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.
    name string
    The name of the Virtual Network Gateway Policy Group Member.
    type string
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    value string
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.
    name str
    The name of the Virtual Network Gateway Policy Group Member.
    type str
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    value str
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.
    name String
    The name of the Virtual Network Gateway Policy Group Member.
    type String
    The VPN Policy Member attribute type. Possible values are AADGroupId, CertificateGroupId and RadiusAzureGroupId.
    value String
    The value of attribute that is used for this Virtual Network Gateway Policy Group Member.

    VirtualNetworkGatewayVpnClientConfiguration, VirtualNetworkGatewayVpnClientConfigurationArgs

    AddressSpaces List<string>
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    AadAudience string
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    AadIssuer string
    The STS url for your tenant
    AadTenant string
    AzureAD Tenant URL
    IpsecPolicy VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy
    An ipsec_policy block as defined below.
    RadiusServerAddress string
    The address of the Radius server.
    RadiusServerSecret string
    The secret used by the Radius server.
    RadiusServers List<VirtualNetworkGatewayVpnClientConfigurationRadiusServer>
    One or more radius_server blocks as defined below.
    RevokedCertificates List<VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate>
    One or more revoked_certificate blocks which are defined below.
    RootCertificates List<VirtualNetworkGatewayVpnClientConfigurationRootCertificate>
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    VirtualNetworkGatewayClientConnections List<VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection>
    One or more virtual_network_gateway_client_connection blocks as defined below.
    VpnAuthTypes List<string>

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    VpnClientProtocols List<string>
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
    AddressSpaces []string
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    AadAudience string
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    AadIssuer string
    The STS url for your tenant
    AadTenant string
    AzureAD Tenant URL
    IpsecPolicy VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy
    An ipsec_policy block as defined below.
    RadiusServerAddress string
    The address of the Radius server.
    RadiusServerSecret string
    The secret used by the Radius server.
    RadiusServers []VirtualNetworkGatewayVpnClientConfigurationRadiusServer
    One or more radius_server blocks as defined below.
    RevokedCertificates []VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate
    One or more revoked_certificate blocks which are defined below.
    RootCertificates []VirtualNetworkGatewayVpnClientConfigurationRootCertificate
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    VirtualNetworkGatewayClientConnections []VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection
    One or more virtual_network_gateway_client_connection blocks as defined below.
    VpnAuthTypes []string

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    VpnClientProtocols []string
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
    addressSpaces List<String>
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    aadAudience String
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    aadIssuer String
    The STS url for your tenant
    aadTenant String
    AzureAD Tenant URL
    ipsecPolicy VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy
    An ipsec_policy block as defined below.
    radiusServerAddress String
    The address of the Radius server.
    radiusServerSecret String
    The secret used by the Radius server.
    radiusServers List<VirtualNetworkGatewayVpnClientConfigurationRadiusServer>
    One or more radius_server blocks as defined below.
    revokedCertificates List<VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate>
    One or more revoked_certificate blocks which are defined below.
    rootCertificates List<VirtualNetworkGatewayVpnClientConfigurationRootCertificate>
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    virtualNetworkGatewayClientConnections List<VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection>
    One or more virtual_network_gateway_client_connection blocks as defined below.
    vpnAuthTypes List<String>

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    vpnClientProtocols List<String>
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
    addressSpaces string[]
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    aadAudience string
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    aadIssuer string
    The STS url for your tenant
    aadTenant string
    AzureAD Tenant URL
    ipsecPolicy VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy
    An ipsec_policy block as defined below.
    radiusServerAddress string
    The address of the Radius server.
    radiusServerSecret string
    The secret used by the Radius server.
    radiusServers VirtualNetworkGatewayVpnClientConfigurationRadiusServer[]
    One or more radius_server blocks as defined below.
    revokedCertificates VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate[]
    One or more revoked_certificate blocks which are defined below.
    rootCertificates VirtualNetworkGatewayVpnClientConfigurationRootCertificate[]
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    virtualNetworkGatewayClientConnections VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection[]
    One or more virtual_network_gateway_client_connection blocks as defined below.
    vpnAuthTypes string[]

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    vpnClientProtocols string[]
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
    address_spaces Sequence[str]
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    aad_audience str
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    aad_issuer str
    The STS url for your tenant
    aad_tenant str
    AzureAD Tenant URL
    ipsec_policy VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy
    An ipsec_policy block as defined below.
    radius_server_address str
    The address of the Radius server.
    radius_server_secret str
    The secret used by the Radius server.
    radius_servers Sequence[VirtualNetworkGatewayVpnClientConfigurationRadiusServer]
    One or more radius_server blocks as defined below.
    revoked_certificates Sequence[VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate]
    One or more revoked_certificate blocks which are defined below.
    root_certificates Sequence[VirtualNetworkGatewayVpnClientConfigurationRootCertificate]
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    virtual_network_gateway_client_connections Sequence[VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection]
    One or more virtual_network_gateway_client_connection blocks as defined below.
    vpn_auth_types Sequence[str]

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    vpn_client_protocols Sequence[str]
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.
    addressSpaces List<String>
    The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
    aadAudience String
    The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
    aadIssuer String
    The STS url for your tenant
    aadTenant String
    AzureAD Tenant URL
    ipsecPolicy Property Map
    An ipsec_policy block as defined below.
    radiusServerAddress String
    The address of the Radius server.
    radiusServerSecret String
    The secret used by the Radius server.
    radiusServers List<Property Map>
    One or more radius_server blocks as defined below.
    revokedCertificates List<Property Map>
    One or more revoked_certificate blocks which are defined below.
    rootCertificates List<Property Map>
    One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.
    virtualNetworkGatewayClientConnections List<Property Map>
    One or more virtual_network_gateway_client_connection blocks as defined below.
    vpnAuthTypes List<String>

    List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

    NOTE: vpn_auth_types must be set when using multiple vpn authentication types.

    vpnClientProtocols List<String>
    List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

    VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy, VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs

    DhGroup string
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    IkeEncryption string
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    IkeIntegrity string
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    IpsecEncryption string
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    IpsecIntegrity string
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    PfsGroup string
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    SaDataSizeInKilobytes int
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    SaLifetimeInSeconds int
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.
    DhGroup string
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    IkeEncryption string
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    IkeIntegrity string
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    IpsecEncryption string
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    IpsecIntegrity string
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    PfsGroup string
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    SaDataSizeInKilobytes int
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    SaLifetimeInSeconds int
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.
    dhGroup String
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    ikeEncryption String
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    ikeIntegrity String
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    ipsecEncryption String
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    ipsecIntegrity String
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    pfsGroup String
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    saDataSizeInKilobytes Integer
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    saLifetimeInSeconds Integer
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.
    dhGroup string
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    ikeEncryption string
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    ikeIntegrity string
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    ipsecEncryption string
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    ipsecIntegrity string
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    pfsGroup string
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    saDataSizeInKilobytes number
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    saLifetimeInSeconds number
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.
    dh_group str
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    ike_encryption str
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    ike_integrity str
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    ipsec_encryption str
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    ipsec_integrity str
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    pfs_group str
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    sa_data_size_in_kilobytes int
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    sa_lifetime_in_seconds int
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.
    dhGroup String
    The DH Group, used in IKE Phase 1. Possible values are DHGroup1, DHGroup2, DHGroup14, DHGroup24, DHGroup2048, ECP256, ECP384 and None.
    ikeEncryption String
    The IKE encryption algorithm, used for IKE Phase 2. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128 and GCMAES256.
    ikeIntegrity String
    The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are GCMAES128, GCMAES256, MD5, SHA1, SHA256 and SHA384.
    ipsecEncryption String
    The IPSec encryption algorithm, used for IKE phase 1. Possible values are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256 and None.
    ipsecIntegrity String
    The IPSec integrity algorithm, used for IKE phase 1. Possible values are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1 and SHA256.
    pfsGroup String
    The Pfs Group, used in IKE Phase 2. Possible values are ECP256, ECP384, PFS1, PFS2, PFS14, PFS24, PFS2048, PFSMM and None.
    saDataSizeInKilobytes Number
    The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between 1024 and 2147483647.
    saLifetimeInSeconds Number
    The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between 300 and 172799.

    VirtualNetworkGatewayVpnClientConfigurationRadiusServer, VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs

    Address string
    The address of the Radius Server.
    Score int
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    Secret string
    The secret that is used to communicate with the Radius Server.
    Address string
    The address of the Radius Server.
    Score int
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    Secret string
    The secret that is used to communicate with the Radius Server.
    address String
    The address of the Radius Server.
    score Integer
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    secret String
    The secret that is used to communicate with the Radius Server.
    address string
    The address of the Radius Server.
    score number
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    secret string
    The secret that is used to communicate with the Radius Server.
    address str
    The address of the Radius Server.
    score int
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    secret str
    The secret that is used to communicate with the Radius Server.
    address String
    The address of the Radius Server.
    score Number
    The score of the Radius Server determines the priority of the server. Possible values are between 1 and 30.
    secret String
    The secret that is used to communicate with the Radius Server.

    VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate, VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs

    Name string
    Specifies the name of the certificate resource.
    Thumbprint string
    Specifies the public data of the certificate.
    Name string
    Specifies the name of the certificate resource.
    Thumbprint string
    Specifies the public data of the certificate.
    name String
    Specifies the name of the certificate resource.
    thumbprint String
    Specifies the public data of the certificate.
    name string
    Specifies the name of the certificate resource.
    thumbprint string
    Specifies the public data of the certificate.
    name str
    Specifies the name of the certificate resource.
    thumbprint str
    Specifies the public data of the certificate.
    name String
    Specifies the name of the certificate resource.
    thumbprint String
    Specifies the public data of the certificate.

    VirtualNetworkGatewayVpnClientConfigurationRootCertificate, VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs

    Name string
    A user-defined name of the root certificate.
    PublicCertData string
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.
    Name string
    A user-defined name of the root certificate.
    PublicCertData string
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.
    name String
    A user-defined name of the root certificate.
    publicCertData String
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.
    name string
    A user-defined name of the root certificate.
    publicCertData string
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.
    name str
    A user-defined name of the root certificate.
    public_cert_data str
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.
    name String
    A user-defined name of the root certificate.
    publicCertData String
    The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers, nor any newlines.

    VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection, VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs

    AddressPrefixes List<string>
    A list of address prefixes for P2S VPN Client.
    Name string
    The name of the Virtual Network Gateway Client Connection.
    PolicyGroupNames List<string>
    A list of names of Virtual Network Gateway Policy Groups.
    AddressPrefixes []string
    A list of address prefixes for P2S VPN Client.
    Name string
    The name of the Virtual Network Gateway Client Connection.
    PolicyGroupNames []string
    A list of names of Virtual Network Gateway Policy Groups.
    addressPrefixes List<String>
    A list of address prefixes for P2S VPN Client.
    name String
    The name of the Virtual Network Gateway Client Connection.
    policyGroupNames List<String>
    A list of names of Virtual Network Gateway Policy Groups.
    addressPrefixes string[]
    A list of address prefixes for P2S VPN Client.
    name string
    The name of the Virtual Network Gateway Client Connection.
    policyGroupNames string[]
    A list of names of Virtual Network Gateway Policy Groups.
    address_prefixes Sequence[str]
    A list of address prefixes for P2S VPN Client.
    name str
    The name of the Virtual Network Gateway Client Connection.
    policy_group_names Sequence[str]
    A list of names of Virtual Network Gateway Policy Groups.
    addressPrefixes List<String>
    A list of address prefixes for P2S VPN Client.
    name String
    The name of the Virtual Network Gateway Client Connection.
    policyGroupNames List<String>
    A list of names of Virtual Network Gateway Policy Groups.

    Import

    Virtual Network Gateways can be imported using the resource id, e.g.

    $ pulumi import azure:network/virtualNetworkGateway:VirtualNetworkGateway exampleGateway /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/virtualNetworkGateways/myGateway1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi