We recommend using Azure Native.
azure.network.VirtualNetworkGateway
Explore with Pulumi AI
Manages a Virtual Network Gateway to establish secure, cross-premises connectivity.
Note: Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "test",
location: "West Europe",
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
name: "test",
location: example.location,
resourceGroupName: example.name,
addressSpaces: ["10.0.0.0/16"],
});
const exampleSubnet = new azure.network.Subnet("example", {
name: "GatewaySubnet",
resourceGroupName: example.name,
virtualNetworkName: exampleVirtualNetwork.name,
addressPrefixes: ["10.0.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("example", {
name: "test",
location: example.location,
resourceGroupName: example.name,
allocationMethod: "Dynamic",
});
const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("example", {
name: "test",
location: example.location,
resourceGroupName: example.name,
type: "Vpn",
vpnType: "RouteBased",
activeActive: false,
enableBgp: false,
sku: "Basic",
ipConfigurations: [{
name: "vnetGatewayConfig",
publicIpAddressId: examplePublicIp.id,
privateIpAddressAllocation: "Dynamic",
subnetId: exampleSubnet.id,
}],
vpnClientConfiguration: {
addressSpaces: ["10.2.0.0/24"],
rootCertificates: [{
name: "DigiCert-Federated-ID-Root-CA",
publicCertData: `MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
`,
}],
revokedCertificates: [{
name: "Verizon-Global-Root-CA",
thumbprint: "912198EEF23DCAC40939312FEE97DD560BAE49B1",
}],
},
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="test",
location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("example",
name="test",
location=example.location,
resource_group_name=example.name,
address_spaces=["10.0.0.0/16"])
example_subnet = azure.network.Subnet("example",
name="GatewaySubnet",
resource_group_name=example.name,
virtual_network_name=example_virtual_network.name,
address_prefixes=["10.0.1.0/24"])
example_public_ip = azure.network.PublicIp("example",
name="test",
location=example.location,
resource_group_name=example.name,
allocation_method="Dynamic")
example_virtual_network_gateway = azure.network.VirtualNetworkGateway("example",
name="test",
location=example.location,
resource_group_name=example.name,
type="Vpn",
vpn_type="RouteBased",
active_active=False,
enable_bgp=False,
sku="Basic",
ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
name="vnetGatewayConfig",
public_ip_address_id=example_public_ip.id,
private_ip_address_allocation="Dynamic",
subnet_id=example_subnet.id,
)],
vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
address_spaces=["10.2.0.0/24"],
root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
name="DigiCert-Federated-ID-Root-CA",
public_cert_data="""MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
""",
)],
revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
name="Verizon-Global-Root-CA",
thumbprint="912198EEF23DCAC40939312FEE97DD560BAE49B1",
)],
))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("test"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
Name: pulumi.String("test"),
Location: example.Location,
ResourceGroupName: example.Name,
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.0.0/16"),
},
})
if err != nil {
return err
}
exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
Name: pulumi.String("GatewaySubnet"),
ResourceGroupName: example.Name,
VirtualNetworkName: exampleVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
})
if err != nil {
return err
}
examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
Name: pulumi.String("test"),
Location: example.Location,
ResourceGroupName: example.Name,
AllocationMethod: pulumi.String("Dynamic"),
})
if err != nil {
return err
}
_, err = network.NewVirtualNetworkGateway(ctx, "example", &network.VirtualNetworkGatewayArgs{
Name: pulumi.String("test"),
Location: example.Location,
ResourceGroupName: example.Name,
Type: pulumi.String("Vpn"),
VpnType: pulumi.String("RouteBased"),
ActiveActive: pulumi.Bool(false),
EnableBgp: pulumi.Bool(false),
Sku: pulumi.String("Basic"),
IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
&network.VirtualNetworkGatewayIpConfigurationArgs{
Name: pulumi.String("vnetGatewayConfig"),
PublicIpAddressId: examplePublicIp.ID(),
PrivateIpAddressAllocation: pulumi.String("Dynamic"),
SubnetId: exampleSubnet.ID(),
},
},
VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
AddressSpaces: pulumi.StringArray{
pulumi.String("10.2.0.0/24"),
},
RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
Name: pulumi.String("DigiCert-Federated-ID-Root-CA"),
PublicCertData: pulumi.String(`MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
`),
},
},
RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
Name: pulumi.String("Verizon-Global-Root-CA"),
Thumbprint: pulumi.String("912198EEF23DCAC40939312FEE97DD560BAE49B1"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "test",
Location = "West Europe",
});
var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
{
Name = "test",
Location = example.Location,
ResourceGroupName = example.Name,
AddressSpaces = new[]
{
"10.0.0.0/16",
},
});
var exampleSubnet = new Azure.Network.Subnet("example", new()
{
Name = "GatewaySubnet",
ResourceGroupName = example.Name,
VirtualNetworkName = exampleVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.1.0/24",
},
});
var examplePublicIp = new Azure.Network.PublicIp("example", new()
{
Name = "test",
Location = example.Location,
ResourceGroupName = example.Name,
AllocationMethod = "Dynamic",
});
var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("example", new()
{
Name = "test",
Location = example.Location,
ResourceGroupName = example.Name,
Type = "Vpn",
VpnType = "RouteBased",
ActiveActive = false,
EnableBgp = false,
Sku = "Basic",
IpConfigurations = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
{
Name = "vnetGatewayConfig",
PublicIpAddressId = examplePublicIp.Id,
PrivateIpAddressAllocation = "Dynamic",
SubnetId = exampleSubnet.Id,
},
},
VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
{
AddressSpaces = new[]
{
"10.2.0.0/24",
},
RootCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
{
Name = "DigiCert-Federated-ID-Root-CA",
PublicCertData = @"MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
",
},
},
RevokedCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
{
Name = "Verizon-Global-Root-CA",
Thumbprint = "912198EEF23DCAC40939312FEE97DD560BAE49B1",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetworkGateway;
import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayVpnClientConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("test")
.location("West Europe")
.build());
var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
.name("test")
.location(example.location())
.resourceGroupName(example.name())
.addressSpaces("10.0.0.0/16")
.build());
var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
.name("GatewaySubnet")
.resourceGroupName(example.name())
.virtualNetworkName(exampleVirtualNetwork.name())
.addressPrefixes("10.0.1.0/24")
.build());
var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
.name("test")
.location(example.location())
.resourceGroupName(example.name())
.allocationMethod("Dynamic")
.build());
var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
.name("test")
.location(example.location())
.resourceGroupName(example.name())
.type("Vpn")
.vpnType("RouteBased")
.activeActive(false)
.enableBgp(false)
.sku("Basic")
.ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
.name("vnetGatewayConfig")
.publicIpAddressId(examplePublicIp.id())
.privateIpAddressAllocation("Dynamic")
.subnetId(exampleSubnet.id())
.build())
.vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
.addressSpaces("10.2.0.0/24")
.rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
.name("DigiCert-Federated-ID-Root-CA")
.publicCertData("""
MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
""")
.build())
.revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
.name("Verizon-Global-Root-CA")
.thumbprint("912198EEF23DCAC40939312FEE97DD560BAE49B1")
.build())
.build())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: test
location: West Europe
exampleVirtualNetwork:
type: azure:network:VirtualNetwork
name: example
properties:
name: test
location: ${example.location}
resourceGroupName: ${example.name}
addressSpaces:
- 10.0.0.0/16
exampleSubnet:
type: azure:network:Subnet
name: example
properties:
name: GatewaySubnet
resourceGroupName: ${example.name}
virtualNetworkName: ${exampleVirtualNetwork.name}
addressPrefixes:
- 10.0.1.0/24
examplePublicIp:
type: azure:network:PublicIp
name: example
properties:
name: test
location: ${example.location}
resourceGroupName: ${example.name}
allocationMethod: Dynamic
exampleVirtualNetworkGateway:
type: azure:network:VirtualNetworkGateway
name: example
properties:
name: test
location: ${example.location}
resourceGroupName: ${example.name}
type: Vpn
vpnType: RouteBased
activeActive: false
enableBgp: false
sku: Basic
ipConfigurations:
- name: vnetGatewayConfig
publicIpAddressId: ${examplePublicIp.id}
privateIpAddressAllocation: Dynamic
subnetId: ${exampleSubnet.id}
vpnClientConfiguration:
addressSpaces:
- 10.2.0.0/24
rootCertificates:
- name: DigiCert-Federated-ID-Root-CA
publicCertData: |
MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
revokedCertificates:
- name: Verizon-Global-Root-CA
thumbprint: 912198EEF23DCAC40939312FEE97DD560BAE49B1
Create VirtualNetworkGateway Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VirtualNetworkGateway(name: string, args: VirtualNetworkGatewayArgs, opts?: CustomResourceOptions);
@overload
def VirtualNetworkGateway(resource_name: str,
args: VirtualNetworkGatewayArgs,
opts: Optional[ResourceOptions] = None)
@overload
def VirtualNetworkGateway(resource_name: str,
opts: Optional[ResourceOptions] = None,
ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
type: Optional[str] = None,
sku: Optional[str] = None,
resource_group_name: Optional[str] = None,
ip_sec_replay_protection_enabled: Optional[bool] = None,
policy_groups: Optional[Sequence[VirtualNetworkGatewayPolicyGroupArgs]] = None,
edge_zone: Optional[str] = None,
enable_bgp: Optional[bool] = None,
generation: Optional[str] = None,
default_local_network_gateway_id: Optional[str] = None,
active_active: Optional[bool] = None,
location: Optional[str] = None,
name: Optional[str] = None,
dns_forwarding_enabled: Optional[bool] = None,
private_ip_address_enabled: Optional[bool] = None,
remote_vnet_traffic_enabled: Optional[bool] = None,
custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
tags: Optional[Mapping[str, str]] = None,
bgp_route_translation_for_nat_enabled: Optional[bool] = None,
virtual_wan_traffic_enabled: Optional[bool] = None,
vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
vpn_type: Optional[str] = None)
func NewVirtualNetworkGateway(ctx *Context, name string, args VirtualNetworkGatewayArgs, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public VirtualNetworkGateway(string name, VirtualNetworkGatewayArgs args, CustomResourceOptions? opts = null)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args, CustomResourceOptions options)
type: azure:network:VirtualNetworkGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var virtualNetworkGatewayResource = new Azure.Network.VirtualNetworkGateway("virtualNetworkGatewayResource", new()
{
IpConfigurations = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
{
PublicIpAddressId = "string",
SubnetId = "string",
Name = "string",
PrivateIpAddressAllocation = "string",
},
},
Type = "string",
Sku = "string",
ResourceGroupName = "string",
IpSecReplayProtectionEnabled = false,
PolicyGroups = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayPolicyGroupArgs
{
Name = "string",
PolicyMembers = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs
{
Name = "string",
Type = "string",
Value = "string",
},
},
IsDefault = false,
Priority = 0,
},
},
EdgeZone = "string",
EnableBgp = false,
Generation = "string",
DefaultLocalNetworkGatewayId = "string",
ActiveActive = false,
Location = "string",
Name = "string",
DnsForwardingEnabled = false,
PrivateIpAddressEnabled = false,
RemoteVnetTrafficEnabled = false,
CustomRoute = new Azure.Network.Inputs.VirtualNetworkGatewayCustomRouteArgs
{
AddressPrefixes = new[]
{
"string",
},
},
BgpSettings = new Azure.Network.Inputs.VirtualNetworkGatewayBgpSettingsArgs
{
Asn = 0,
PeerWeight = 0,
PeeringAddresses = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs
{
ApipaAddresses = new[]
{
"string",
},
DefaultAddresses = new[]
{
"string",
},
IpConfigurationName = "string",
TunnelIpAddresses = new[]
{
"string",
},
},
},
},
Tags =
{
{ "string", "string" },
},
BgpRouteTranslationForNatEnabled = false,
VirtualWanTrafficEnabled = false,
VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
{
AddressSpaces = new[]
{
"string",
},
RadiusServerSecret = "string",
AadTenant = "string",
AadIssuer = "string",
IpsecPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs
{
DhGroup = "string",
IkeEncryption = "string",
IkeIntegrity = "string",
IpsecEncryption = "string",
IpsecIntegrity = "string",
PfsGroup = "string",
SaDataSizeInKilobytes = 0,
SaLifetimeInSeconds = 0,
},
RadiusServerAddress = "string",
AadAudience = "string",
RadiusServers = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs
{
Address = "string",
Score = 0,
Secret = "string",
},
},
RevokedCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
{
Name = "string",
Thumbprint = "string",
},
},
RootCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
{
Name = "string",
PublicCertData = "string",
},
},
VirtualNetworkGatewayClientConnections = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs
{
AddressPrefixes = new[]
{
"string",
},
Name = "string",
PolicyGroupNames = new[]
{
"string",
},
},
},
VpnAuthTypes = new[]
{
"string",
},
VpnClientProtocols = new[]
{
"string",
},
},
VpnType = "string",
});
example, err := network.NewVirtualNetworkGateway(ctx, "virtualNetworkGatewayResource", &network.VirtualNetworkGatewayArgs{
IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
&network.VirtualNetworkGatewayIpConfigurationArgs{
PublicIpAddressId: pulumi.String("string"),
SubnetId: pulumi.String("string"),
Name: pulumi.String("string"),
PrivateIpAddressAllocation: pulumi.String("string"),
},
},
Type: pulumi.String("string"),
Sku: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
IpSecReplayProtectionEnabled: pulumi.Bool(false),
PolicyGroups: network.VirtualNetworkGatewayPolicyGroupArray{
&network.VirtualNetworkGatewayPolicyGroupArgs{
Name: pulumi.String("string"),
PolicyMembers: network.VirtualNetworkGatewayPolicyGroupPolicyMemberArray{
&network.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
IsDefault: pulumi.Bool(false),
Priority: pulumi.Int(0),
},
},
EdgeZone: pulumi.String("string"),
EnableBgp: pulumi.Bool(false),
Generation: pulumi.String("string"),
DefaultLocalNetworkGatewayId: pulumi.String("string"),
ActiveActive: pulumi.Bool(false),
Location: pulumi.String("string"),
Name: pulumi.String("string"),
DnsForwardingEnabled: pulumi.Bool(false),
PrivateIpAddressEnabled: pulumi.Bool(false),
RemoteVnetTrafficEnabled: pulumi.Bool(false),
CustomRoute: &network.VirtualNetworkGatewayCustomRouteArgs{
AddressPrefixes: pulumi.StringArray{
pulumi.String("string"),
},
},
BgpSettings: &network.VirtualNetworkGatewayBgpSettingsArgs{
Asn: pulumi.Int(0),
PeerWeight: pulumi.Int(0),
PeeringAddresses: network.VirtualNetworkGatewayBgpSettingsPeeringAddressArray{
&network.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs{
ApipaAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DefaultAddresses: pulumi.StringArray{
pulumi.String("string"),
},
IpConfigurationName: pulumi.String("string"),
TunnelIpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
BgpRouteTranslationForNatEnabled: pulumi.Bool(false),
VirtualWanTrafficEnabled: pulumi.Bool(false),
VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
AddressSpaces: pulumi.StringArray{
pulumi.String("string"),
},
RadiusServerSecret: pulumi.String("string"),
AadTenant: pulumi.String("string"),
AadIssuer: pulumi.String("string"),
IpsecPolicy: &network.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs{
DhGroup: pulumi.String("string"),
IkeEncryption: pulumi.String("string"),
IkeIntegrity: pulumi.String("string"),
IpsecEncryption: pulumi.String("string"),
IpsecIntegrity: pulumi.String("string"),
PfsGroup: pulumi.String("string"),
SaDataSizeInKilobytes: pulumi.Int(0),
SaLifetimeInSeconds: pulumi.Int(0),
},
RadiusServerAddress: pulumi.String("string"),
AadAudience: pulumi.String("string"),
RadiusServers: network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs{
Address: pulumi.String("string"),
Score: pulumi.Int(0),
Secret: pulumi.String("string"),
},
},
RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
Name: pulumi.String("string"),
Thumbprint: pulumi.String("string"),
},
},
RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
Name: pulumi.String("string"),
PublicCertData: pulumi.String("string"),
},
},
VirtualNetworkGatewayClientConnections: network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArray{
&network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs{
AddressPrefixes: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
PolicyGroupNames: pulumi.StringArray{
pulumi.String("string"),
},
},
},
VpnAuthTypes: pulumi.StringArray{
pulumi.String("string"),
},
VpnClientProtocols: pulumi.StringArray{
pulumi.String("string"),
},
},
VpnType: pulumi.String("string"),
})
var virtualNetworkGatewayResource = new VirtualNetworkGateway("virtualNetworkGatewayResource", VirtualNetworkGatewayArgs.builder()
.ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
.publicIpAddressId("string")
.subnetId("string")
.name("string")
.privateIpAddressAllocation("string")
.build())
.type("string")
.sku("string")
.resourceGroupName("string")
.ipSecReplayProtectionEnabled(false)
.policyGroups(VirtualNetworkGatewayPolicyGroupArgs.builder()
.name("string")
.policyMembers(VirtualNetworkGatewayPolicyGroupPolicyMemberArgs.builder()
.name("string")
.type("string")
.value("string")
.build())
.isDefault(false)
.priority(0)
.build())
.edgeZone("string")
.enableBgp(false)
.generation("string")
.defaultLocalNetworkGatewayId("string")
.activeActive(false)
.location("string")
.name("string")
.dnsForwardingEnabled(false)
.privateIpAddressEnabled(false)
.remoteVnetTrafficEnabled(false)
.customRoute(VirtualNetworkGatewayCustomRouteArgs.builder()
.addressPrefixes("string")
.build())
.bgpSettings(VirtualNetworkGatewayBgpSettingsArgs.builder()
.asn(0)
.peerWeight(0)
.peeringAddresses(VirtualNetworkGatewayBgpSettingsPeeringAddressArgs.builder()
.apipaAddresses("string")
.defaultAddresses("string")
.ipConfigurationName("string")
.tunnelIpAddresses("string")
.build())
.build())
.tags(Map.of("string", "string"))
.bgpRouteTranslationForNatEnabled(false)
.virtualWanTrafficEnabled(false)
.vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
.addressSpaces("string")
.radiusServerSecret("string")
.aadTenant("string")
.aadIssuer("string")
.ipsecPolicy(VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs.builder()
.dhGroup("string")
.ikeEncryption("string")
.ikeIntegrity("string")
.ipsecEncryption("string")
.ipsecIntegrity("string")
.pfsGroup("string")
.saDataSizeInKilobytes(0)
.saLifetimeInSeconds(0)
.build())
.radiusServerAddress("string")
.aadAudience("string")
.radiusServers(VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs.builder()
.address("string")
.score(0)
.secret("string")
.build())
.revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
.name("string")
.thumbprint("string")
.build())
.rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
.name("string")
.publicCertData("string")
.build())
.virtualNetworkGatewayClientConnections(VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs.builder()
.addressPrefixes("string")
.name("string")
.policyGroupNames("string")
.build())
.vpnAuthTypes("string")
.vpnClientProtocols("string")
.build())
.vpnType("string")
.build());
virtual_network_gateway_resource = azure.network.VirtualNetworkGateway("virtualNetworkGatewayResource",
ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
public_ip_address_id="string",
subnet_id="string",
name="string",
private_ip_address_allocation="string",
)],
type="string",
sku="string",
resource_group_name="string",
ip_sec_replay_protection_enabled=False,
policy_groups=[azure.network.VirtualNetworkGatewayPolicyGroupArgs(
name="string",
policy_members=[azure.network.VirtualNetworkGatewayPolicyGroupPolicyMemberArgs(
name="string",
type="string",
value="string",
)],
is_default=False,
priority=0,
)],
edge_zone="string",
enable_bgp=False,
generation="string",
default_local_network_gateway_id="string",
active_active=False,
location="string",
name="string",
dns_forwarding_enabled=False,
private_ip_address_enabled=False,
remote_vnet_traffic_enabled=False,
custom_route=azure.network.VirtualNetworkGatewayCustomRouteArgs(
address_prefixes=["string"],
),
bgp_settings=azure.network.VirtualNetworkGatewayBgpSettingsArgs(
asn=0,
peer_weight=0,
peering_addresses=[azure.network.VirtualNetworkGatewayBgpSettingsPeeringAddressArgs(
apipa_addresses=["string"],
default_addresses=["string"],
ip_configuration_name="string",
tunnel_ip_addresses=["string"],
)],
),
tags={
"string": "string",
},
bgp_route_translation_for_nat_enabled=False,
virtual_wan_traffic_enabled=False,
vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
address_spaces=["string"],
radius_server_secret="string",
aad_tenant="string",
aad_issuer="string",
ipsec_policy=azure.network.VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs(
dh_group="string",
ike_encryption="string",
ike_integrity="string",
ipsec_encryption="string",
ipsec_integrity="string",
pfs_group="string",
sa_data_size_in_kilobytes=0,
sa_lifetime_in_seconds=0,
),
radius_server_address="string",
aad_audience="string",
radius_servers=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs(
address="string",
score=0,
secret="string",
)],
revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
name="string",
thumbprint="string",
)],
root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
name="string",
public_cert_data="string",
)],
virtual_network_gateway_client_connections=[azure.network.VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs(
address_prefixes=["string"],
name="string",
policy_group_names=["string"],
)],
vpn_auth_types=["string"],
vpn_client_protocols=["string"],
),
vpn_type="string")
const virtualNetworkGatewayResource = new azure.network.VirtualNetworkGateway("virtualNetworkGatewayResource", {
ipConfigurations: [{
publicIpAddressId: "string",
subnetId: "string",
name: "string",
privateIpAddressAllocation: "string",
}],
type: "string",
sku: "string",
resourceGroupName: "string",
ipSecReplayProtectionEnabled: false,
policyGroups: [{
name: "string",
policyMembers: [{
name: "string",
type: "string",
value: "string",
}],
isDefault: false,
priority: 0,
}],
edgeZone: "string",
enableBgp: false,
generation: "string",
defaultLocalNetworkGatewayId: "string",
activeActive: false,
location: "string",
name: "string",
dnsForwardingEnabled: false,
privateIpAddressEnabled: false,
remoteVnetTrafficEnabled: false,
customRoute: {
addressPrefixes: ["string"],
},
bgpSettings: {
asn: 0,
peerWeight: 0,
peeringAddresses: [{
apipaAddresses: ["string"],
defaultAddresses: ["string"],
ipConfigurationName: "string",
tunnelIpAddresses: ["string"],
}],
},
tags: {
string: "string",
},
bgpRouteTranslationForNatEnabled: false,
virtualWanTrafficEnabled: false,
vpnClientConfiguration: {
addressSpaces: ["string"],
radiusServerSecret: "string",
aadTenant: "string",
aadIssuer: "string",
ipsecPolicy: {
dhGroup: "string",
ikeEncryption: "string",
ikeIntegrity: "string",
ipsecEncryption: "string",
ipsecIntegrity: "string",
pfsGroup: "string",
saDataSizeInKilobytes: 0,
saLifetimeInSeconds: 0,
},
radiusServerAddress: "string",
aadAudience: "string",
radiusServers: [{
address: "string",
score: 0,
secret: "string",
}],
revokedCertificates: [{
name: "string",
thumbprint: "string",
}],
rootCertificates: [{
name: "string",
publicCertData: "string",
}],
virtualNetworkGatewayClientConnections: [{
addressPrefixes: ["string"],
name: "string",
policyGroupNames: ["string"],
}],
vpnAuthTypes: ["string"],
vpnClientProtocols: ["string"],
},
vpnType: "string",
});
type: azure:network:VirtualNetworkGateway
properties:
activeActive: false
bgpRouteTranslationForNatEnabled: false
bgpSettings:
asn: 0
peerWeight: 0
peeringAddresses:
- apipaAddresses:
- string
defaultAddresses:
- string
ipConfigurationName: string
tunnelIpAddresses:
- string
customRoute:
addressPrefixes:
- string
defaultLocalNetworkGatewayId: string
dnsForwardingEnabled: false
edgeZone: string
enableBgp: false
generation: string
ipConfigurations:
- name: string
privateIpAddressAllocation: string
publicIpAddressId: string
subnetId: string
ipSecReplayProtectionEnabled: false
location: string
name: string
policyGroups:
- isDefault: false
name: string
policyMembers:
- name: string
type: string
value: string
priority: 0
privateIpAddressEnabled: false
remoteVnetTrafficEnabled: false
resourceGroupName: string
sku: string
tags:
string: string
type: string
virtualWanTrafficEnabled: false
vpnClientConfiguration:
aadAudience: string
aadIssuer: string
aadTenant: string
addressSpaces:
- string
ipsecPolicy:
dhGroup: string
ikeEncryption: string
ikeIntegrity: string
ipsecEncryption: string
ipsecIntegrity: string
pfsGroup: string
saDataSizeInKilobytes: 0
saLifetimeInSeconds: 0
radiusServerAddress: string
radiusServerSecret: string
radiusServers:
- address: string
score: 0
secret: string
revokedCertificates:
- name: string
thumbprint: string
rootCertificates:
- name: string
publicCertData: string
virtualNetworkGatewayClientConnections:
- addressPrefixes:
- string
name: string
policyGroupNames:
- string
vpnAuthTypes:
- string
vpnClientProtocols:
- string
vpnType: string
VirtualNetworkGateway Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The VirtualNetworkGateway resource accepts the following input properties:
- Ip
Configurations List<VirtualNetwork Gateway Ip Configuration> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - Resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - Active
Active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - Bgp
Route boolTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - Bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - Custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - Default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Dns
Forwarding boolEnabled - Is DNS forwarding enabled?
- Edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Sec boolReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - Location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Policy
Groups List<VirtualNetwork Gateway Policy Group> - One or more
policy_group
blocks as defined below. - Private
Ip boolAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Remote
Vnet boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Virtual
Wan boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - Vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- Ip
Configurations []VirtualNetwork Gateway Ip Configuration Args - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - Resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - Active
Active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - Bgp
Route boolTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - Bgp
Settings VirtualNetwork Gateway Bgp Settings Args - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - Custom
Route VirtualNetwork Gateway Custom Route Args - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - Default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Dns
Forwarding boolEnabled - Is DNS forwarding enabled?
- Edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Sec boolReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - Location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Policy
Groups []VirtualNetwork Gateway Policy Group Args - One or more
policy_group
blocks as defined below. - Private
Ip boolAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Remote
Vnet boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - map[string]string
- A mapping of tags to assign to the resource.
- Virtual
Wan boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration Args - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - Vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations List<VirtualNetwork Gateway Ip Configuration> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - resource
Group StringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type String
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - active
Active Boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route BooleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local StringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding BooleanEnabled - Is DNS forwarding enabled?
- edge
Zone String - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Sec BooleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location String
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups List<VirtualNetwork Gateway Policy Group> - One or more
policy_group
blocks as defined below. - private
Ip BooleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Map<String,String>
- A mapping of tags to assign to the resource.
- virtual
Wan BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type String - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations VirtualNetwork Gateway Ip Configuration[] - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - active
Active boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route booleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding booleanEnabled - Is DNS forwarding enabled?
- edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Sec booleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups VirtualNetwork Gateway Policy Group[] - One or more
policy_group
blocks as defined below. - private
Ip booleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet booleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- virtual
Wan booleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip_
configurations Sequence[VirtualNetwork Gateway Ip Configuration Args] - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - resource_
group_ strname - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku str
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type str
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - active_
active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp_
route_ booltranslation_ for_ nat_ enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp_
settings VirtualNetwork Gateway Bgp Settings Args - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom_
route VirtualNetwork Gateway Custom Route Args - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default_
local_ strnetwork_ gateway_ id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns_
forwarding_ boolenabled - Is DNS forwarding enabled?
- edge_
zone str - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable_
bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation str
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip_
sec_ boolreplay_ protection_ enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location str
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name str
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy_
groups Sequence[VirtualNetwork Gateway Policy Group Args] - One or more
policy_group
blocks as defined below. - private_
ip_ booladdress_ enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote_
vnet_ booltraffic_ enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- virtual_
wan_ booltraffic_ enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn_
client_ Virtualconfiguration Network Gateway Vpn Client Configuration Args - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn_
type str - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations List<Property Map> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - resource
Group StringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type String
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - active
Active Boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route BooleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings Property Map - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route Property Map - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local StringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding BooleanEnabled - Is DNS forwarding enabled?
- edge
Zone String - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Sec BooleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location String
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups List<Property Map> - One or more
policy_group
blocks as defined below. - private
Ip BooleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Map<String>
- A mapping of tags to assign to the resource.
- virtual
Wan BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client Property MapConfiguration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type String - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGateway resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing VirtualNetworkGateway Resource
Get an existing VirtualNetworkGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayState, opts?: CustomResourceOptions): VirtualNetworkGateway
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
active_active: Optional[bool] = None,
bgp_route_translation_for_nat_enabled: Optional[bool] = None,
bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
default_local_network_gateway_id: Optional[str] = None,
dns_forwarding_enabled: Optional[bool] = None,
edge_zone: Optional[str] = None,
enable_bgp: Optional[bool] = None,
generation: Optional[str] = None,
ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
ip_sec_replay_protection_enabled: Optional[bool] = None,
location: Optional[str] = None,
name: Optional[str] = None,
policy_groups: Optional[Sequence[VirtualNetworkGatewayPolicyGroupArgs]] = None,
private_ip_address_enabled: Optional[bool] = None,
remote_vnet_traffic_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
sku: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
virtual_wan_traffic_enabled: Optional[bool] = None,
vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
vpn_type: Optional[str] = None) -> VirtualNetworkGateway
func GetVirtualNetworkGateway(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayState, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public static VirtualNetworkGateway Get(string name, Input<string> id, VirtualNetworkGatewayState? state, CustomResourceOptions? opts = null)
public static VirtualNetworkGateway get(String name, Output<String> id, VirtualNetworkGatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Active
Active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - Bgp
Route boolTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - Bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - Custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - Default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Dns
Forwarding boolEnabled - Is DNS forwarding enabled?
- Edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Configurations List<VirtualNetwork Gateway Ip Configuration> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - Ip
Sec boolReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - Location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Policy
Groups List<VirtualNetwork Gateway Policy Group> - One or more
policy_group
blocks as defined below. - Private
Ip boolAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Remote
Vnet boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - Virtual
Wan boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - Vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- Active
Active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - Bgp
Route boolTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - Bgp
Settings VirtualNetwork Gateway Bgp Settings Args - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - Custom
Route VirtualNetwork Gateway Custom Route Args - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - Default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Dns
Forwarding boolEnabled - Is DNS forwarding enabled?
- Edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Configurations []VirtualNetwork Gateway Ip Configuration Args - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - Ip
Sec boolReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - Location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Policy
Groups []VirtualNetwork Gateway Policy Group Args - One or more
policy_group
blocks as defined below. - Private
Ip boolAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Remote
Vnet boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - Resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- map[string]string
- A mapping of tags to assign to the resource.
- Type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - Virtual
Wan boolTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration Args - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - Vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active Boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route BooleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local StringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding BooleanEnabled - Is DNS forwarding enabled?
- edge
Zone String - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations List<VirtualNetwork Gateway Ip Configuration> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - ip
Sec BooleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location String
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups List<VirtualNetwork Gateway Policy Group> - One or more
policy_group
blocks as defined below. - private
Ip BooleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - resource
Group StringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Map<String,String>
- A mapping of tags to assign to the resource.
- type String
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - virtual
Wan BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type String - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route booleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings VirtualNetwork Gateway Bgp Settings - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route VirtualNetwork Gateway Custom Route - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local stringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding booleanEnabled - Is DNS forwarding enabled?
- edge
Zone string - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations VirtualNetwork Gateway Ip Configuration[] - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - ip
Sec booleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location string
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name string
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups VirtualNetwork Gateway Policy Group[] - One or more
policy_group
blocks as defined below. - private
Ip booleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet booleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - resource
Group stringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- {[key: string]: string}
- A mapping of tags to assign to the resource.
- type string
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - virtual
Wan booleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type string - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active_
active bool - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp_
route_ booltranslation_ for_ nat_ enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp_
settings VirtualNetwork Gateway Bgp Settings Args - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom_
route VirtualNetwork Gateway Custom Route Args - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default_
local_ strnetwork_ gateway_ id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns_
forwarding_ boolenabled - Is DNS forwarding enabled?
- edge_
zone str - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable_
bgp bool - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation str
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip_
configurations Sequence[VirtualNetwork Gateway Ip Configuration Args] - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - ip_
sec_ boolreplay_ protection_ enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location str
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name str
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy_
groups Sequence[VirtualNetwork Gateway Policy Group Args] - One or more
policy_group
blocks as defined below. - private_
ip_ booladdress_ enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote_
vnet_ booltraffic_ enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - resource_
group_ strname - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku str
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Mapping[str, str]
- A mapping of tags to assign to the resource.
- type str
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - virtual_
wan_ booltraffic_ enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn_
client_ Virtualconfiguration Network Gateway Vpn Client Configuration Args - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn_
type str - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active Boolean - If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
. - bgp
Route BooleanTranslation For Nat Enabled - Is BGP Route Translation for NAT enabled? Defaults to
false
. - bgp
Settings Property Map - A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined. - custom
Route Property Map - A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient. - default
Local StringNetwork Gateway Id - The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- dns
Forwarding BooleanEnabled - Is DNS forwarding enabled?
- edge
Zone String - Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
. - generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations List<Property Map> - One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks. - ip
Sec BooleanReplay Protection Enabled - Is IP Sec Replay Protection enabled? Defaults to
true
. - location String
- The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
- The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- policy
Groups List<Property Map> - One or more
policy_group
blocks as defined below. - private
Ip BooleanAddress Enabled - Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- remote
Vnet BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from other Azure Virtual Networks enabled? Defaults to
false
. - resource
Group StringName - The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Map<String>
- A mapping of tags to assign to the resource.
- type String
- The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created. - virtual
Wan BooleanTraffic Enabled - Is remote vnet traffic that is used to configure this gateway to accept traffic from remote Virtual WAN networks enabled? Defaults to
false
. - vpn
Client Property MapConfiguration - A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections. - vpn
Type String - The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
Supporting Types
VirtualNetworkGatewayBgpSettings, VirtualNetworkGatewayBgpSettingsArgs
- Asn int
- The Autonomous System Number (ASN) to use as part of the BGP.
- Peer
Weight int - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - Peering
Addresses List<VirtualNetwork Gateway Bgp Settings Peering Address> - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- Asn int
- The Autonomous System Number (ASN) to use as part of the BGP.
- Peer
Weight int - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - Peering
Addresses []VirtualNetwork Gateway Bgp Settings Peering Address - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn Integer
- The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight Integer - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - peering
Addresses List<VirtualNetwork Gateway Bgp Settings Peering Address> - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn number
- The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight number - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - peering
Addresses VirtualNetwork Gateway Bgp Settings Peering Address[] - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn int
- The Autonomous System Number (ASN) to use as part of the BGP.
- peer_
weight int - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - peering_
addresses Sequence[VirtualNetwork Gateway Bgp Settings Peering Address] - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn Number
- The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight Number - The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
. - peering
Addresses List<Property Map> - A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
VirtualNetworkGatewayBgpSettingsPeeringAddress, VirtualNetworkGatewayBgpSettingsPeeringAddressArgs
- Apipa
Addresses List<string> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- Default
Addresses List<string> - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- Ip
Configuration stringName - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - Tunnel
Ip List<string>Addresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- Apipa
Addresses []string A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- Default
Addresses []string - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- Ip
Configuration stringName - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - Tunnel
Ip []stringAddresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses List<String> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses List<String> - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration StringName - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - tunnel
Ip List<String>Addresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses string[] A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses string[] - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration stringName - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - tunnel
Ip string[]Addresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa_
addresses Sequence[str] A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default_
addresses Sequence[str] - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip_
configuration_ strname - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - tunnel_
ip_ Sequence[str]addresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses List<String> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses List<String> - A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration StringName - The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify. - tunnel
Ip List<String>Addresses - A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
VirtualNetworkGatewayCustomRoute, VirtualNetworkGatewayCustomRouteArgs
- Address
Prefixes List<string> - A list of address blocks reserved for this virtual network in CIDR notation.
- Address
Prefixes []string - A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes List<String> - A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes string[] - A list of address blocks reserved for this virtual network in CIDR notation.
- address_
prefixes Sequence[str] - A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes List<String> - A list of address blocks reserved for this virtual network in CIDR notation.
VirtualNetworkGatewayIpConfiguration, VirtualNetworkGatewayIpConfigurationArgs
- Public
Ip stringAddress Id - The ID of the public IP address to associate with the Virtual Network Gateway.
- Subnet
Id string - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - Name string
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - Private
Ip stringAddress Allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
- Public
Ip stringAddress Id - The ID of the public IP address to associate with the Virtual Network Gateway.
- Subnet
Id string - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - Name string
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - Private
Ip stringAddress Allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
- public
Ip StringAddress Id - The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id String - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - name String
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - private
Ip StringAddress Allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
- public
Ip stringAddress Id - The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id string - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - name string
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - private
Ip stringAddress Allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
- public_
ip_ straddress_ id - The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet_
id str - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - name str
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - private_
ip_ straddress_ allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
- public
Ip StringAddress Id - The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id String - The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway. - name String
- A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
. - private
Ip StringAddress Allocation - Defines how the private IP address of the gateways virtual interface is assigned. The only valid value is
Dynamic
for Virtual Network Gateway (Static
is not supported by the service yet). Defaults toDynamic
.
VirtualNetworkGatewayPolicyGroup, VirtualNetworkGatewayPolicyGroupArgs
- Name string
- The name of the Virtual Network Gateway Policy Group.
- Policy
Members List<VirtualNetwork Gateway Policy Group Policy Member> - One or more
policy_member
blocks as defined below. - Is
Default bool - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - Priority int
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
- Name string
- The name of the Virtual Network Gateway Policy Group.
- Policy
Members []VirtualNetwork Gateway Policy Group Policy Member - One or more
policy_member
blocks as defined below. - Is
Default bool - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - Priority int
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
- name String
- The name of the Virtual Network Gateway Policy Group.
- policy
Members List<VirtualNetwork Gateway Policy Group Policy Member> - One or more
policy_member
blocks as defined below. - is
Default Boolean - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - priority Integer
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
- name string
- The name of the Virtual Network Gateway Policy Group.
- policy
Members VirtualNetwork Gateway Policy Group Policy Member[] - One or more
policy_member
blocks as defined below. - is
Default boolean - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - priority number
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
- name str
- The name of the Virtual Network Gateway Policy Group.
- policy_
members Sequence[VirtualNetwork Gateway Policy Group Policy Member] - One or more
policy_member
blocks as defined below. - is_
default bool - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - priority int
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
- name String
- The name of the Virtual Network Gateway Policy Group.
- policy
Members List<Property Map> - One or more
policy_member
blocks as defined below. - is
Default Boolean - Is this a Default Virtual Network Gateway Policy Group? Defaults to
false
. - priority Number
- The priority for the Virtual Network Gateway Policy Group. Defaults to
0
.
VirtualNetworkGatewayPolicyGroupPolicyMember, VirtualNetworkGatewayPolicyGroupPolicyMemberArgs
VirtualNetworkGatewayVpnClientConfiguration, VirtualNetworkGatewayVpnClientConfigurationArgs
- Address
Spaces List<string> - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- Aad
Audience string - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- Aad
Issuer string - The STS url for your tenant
- Aad
Tenant string - AzureAD Tenant URL
- Ipsec
Policy VirtualNetwork Gateway Vpn Client Configuration Ipsec Policy - An
ipsec_policy
block as defined below. - Radius
Server stringAddress - The address of the Radius server.
- Radius
Server stringSecret - The secret used by the Radius server.
- Radius
Servers List<VirtualNetwork Gateway Vpn Client Configuration Radius Server> - One or more
radius_server
blocks as defined below. - Revoked
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate> - One or more
revoked_certificate
blocks which are defined below. - Root
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Root Certificate> - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - Virtual
Network List<VirtualGateway Client Connections Network Gateway Vpn Client Configuration Virtual Network Gateway Client Connection> - One or more
virtual_network_gateway_client_connection
blocks as defined below. - Vpn
Auth List<string>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- Vpn
Client List<string>Protocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- Address
Spaces []string - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- Aad
Audience string - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- Aad
Issuer string - The STS url for your tenant
- Aad
Tenant string - AzureAD Tenant URL
- Ipsec
Policy VirtualNetwork Gateway Vpn Client Configuration Ipsec Policy - An
ipsec_policy
block as defined below. - Radius
Server stringAddress - The address of the Radius server.
- Radius
Server stringSecret - The secret used by the Radius server.
- Radius
Servers []VirtualNetwork Gateway Vpn Client Configuration Radius Server - One or more
radius_server
blocks as defined below. - Revoked
Certificates []VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate - One or more
revoked_certificate
blocks which are defined below. - Root
Certificates []VirtualNetwork Gateway Vpn Client Configuration Root Certificate - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - Virtual
Network []VirtualGateway Client Connections Network Gateway Vpn Client Configuration Virtual Network Gateway Client Connection - One or more
virtual_network_gateway_client_connection
blocks as defined below. - Vpn
Auth []stringTypes List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- Vpn
Client []stringProtocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces List<String> - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience String - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer String - The STS url for your tenant
- aad
Tenant String - AzureAD Tenant URL
- ipsec
Policy VirtualNetwork Gateway Vpn Client Configuration Ipsec Policy - An
ipsec_policy
block as defined below. - radius
Server StringAddress - The address of the Radius server.
- radius
Server StringSecret - The secret used by the Radius server.
- radius
Servers List<VirtualNetwork Gateway Vpn Client Configuration Radius Server> - One or more
radius_server
blocks as defined below. - revoked
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate> - One or more
revoked_certificate
blocks which are defined below. - root
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Root Certificate> - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - virtual
Network List<VirtualGateway Client Connections Network Gateway Vpn Client Configuration Virtual Network Gateway Client Connection> - One or more
virtual_network_gateway_client_connection
blocks as defined below. - vpn
Auth List<String>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client List<String>Protocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces string[] - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience string - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer string - The STS url for your tenant
- aad
Tenant string - AzureAD Tenant URL
- ipsec
Policy VirtualNetwork Gateway Vpn Client Configuration Ipsec Policy - An
ipsec_policy
block as defined below. - radius
Server stringAddress - The address of the Radius server.
- radius
Server stringSecret - The secret used by the Radius server.
- radius
Servers VirtualNetwork Gateway Vpn Client Configuration Radius Server[] - One or more
radius_server
blocks as defined below. - revoked
Certificates VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate[] - One or more
revoked_certificate
blocks which are defined below. - root
Certificates VirtualNetwork Gateway Vpn Client Configuration Root Certificate[] - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - virtual
Network VirtualGateway Client Connections Network Gateway Vpn Client Configuration Virtual Network Gateway Client Connection[] - One or more
virtual_network_gateway_client_connection
blocks as defined below. - vpn
Auth string[]Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client string[]Protocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address_
spaces Sequence[str] - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad_
audience str - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad_
issuer str - The STS url for your tenant
- aad_
tenant str - AzureAD Tenant URL
- ipsec_
policy VirtualNetwork Gateway Vpn Client Configuration Ipsec Policy - An
ipsec_policy
block as defined below. - radius_
server_ straddress - The address of the Radius server.
- radius_
server_ strsecret - The secret used by the Radius server.
- radius_
servers Sequence[VirtualNetwork Gateway Vpn Client Configuration Radius Server] - One or more
radius_server
blocks as defined below. - revoked_
certificates Sequence[VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate] - One or more
revoked_certificate
blocks which are defined below. - root_
certificates Sequence[VirtualNetwork Gateway Vpn Client Configuration Root Certificate] - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - virtual_
network_ Sequence[Virtualgateway_ client_ connections Network Gateway Vpn Client Configuration Virtual Network Gateway Client Connection] - One or more
virtual_network_gateway_client_connection
blocks as defined below. - vpn_
auth_ Sequence[str]types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn_
client_ Sequence[str]protocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces List<String> - The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience String - The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer String - The STS url for your tenant
- aad
Tenant String - AzureAD Tenant URL
- ipsec
Policy Property Map - An
ipsec_policy
block as defined below. - radius
Server StringAddress - The address of the Radius server.
- radius
Server StringSecret - The secret used by the Radius server.
- radius
Servers List<Property Map> - One or more
radius_server
blocks as defined below. - revoked
Certificates List<Property Map> - One or more
revoked_certificate
blocks which are defined below. - root
Certificates List<Property Map> - One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. - virtual
Network List<Property Map>Gateway Client Connections - One or more
virtual_network_gateway_client_connection
blocks as defined below. - vpn
Auth List<String>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client List<String>Protocols - List of the protocols supported by the vpn client.
The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
VirtualNetworkGatewayVpnClientConfigurationIpsecPolicy, VirtualNetworkGatewayVpnClientConfigurationIpsecPolicyArgs
- Dh
Group string - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - Ike
Encryption string - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - Ike
Integrity string - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - Ipsec
Encryption string - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - Ipsec
Integrity string - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - Pfs
Group string - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - Sa
Data intSize In Kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - Sa
Lifetime intIn Seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
- Dh
Group string - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - Ike
Encryption string - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - Ike
Integrity string - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - Ipsec
Encryption string - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - Ipsec
Integrity string - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - Pfs
Group string - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - Sa
Data intSize In Kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - Sa
Lifetime intIn Seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
- dh
Group String - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - ike
Encryption String - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - ike
Integrity String - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - ipsec
Encryption String - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - ipsec
Integrity String - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - pfs
Group String - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - sa
Data IntegerSize In Kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - sa
Lifetime IntegerIn Seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
- dh
Group string - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - ike
Encryption string - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - ike
Integrity string - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - ipsec
Encryption string - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - ipsec
Integrity string - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - pfs
Group string - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - sa
Data numberSize In Kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - sa
Lifetime numberIn Seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
- dh_
group str - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - ike_
encryption str - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - ike_
integrity str - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - ipsec_
encryption str - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - ipsec_
integrity str - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - pfs_
group str - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - sa_
data_ intsize_ in_ kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - sa_
lifetime_ intin_ seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
- dh
Group String - The DH Group, used in IKE Phase 1. Possible values are
DHGroup1
,DHGroup2
,DHGroup14
,DHGroup24
,DHGroup2048
,ECP256
,ECP384
andNone
. - ike
Encryption String - The IKE encryption algorithm, used for IKE Phase 2. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
andGCMAES256
. - ike
Integrity String - The IKE encryption integrity algorithm, used for IKE Phase 2. Possible values are
GCMAES128
,GCMAES256
,MD5
,SHA1
,SHA256
andSHA384
. - ipsec
Encryption String - The IPSec encryption algorithm, used for IKE phase 1. Possible values are
AES128
,AES192
,AES256
,DES
,DES3
,GCMAES128
,GCMAES192
,GCMAES256
andNone
. - ipsec
Integrity String - The IPSec integrity algorithm, used for IKE phase 1. Possible values are
GCMAES128
,GCMAES192
,GCMAES256
,MD5
,SHA1
andSHA256
. - pfs
Group String - The Pfs Group, used in IKE Phase 2. Possible values are
ECP256
,ECP384
,PFS1
,PFS2
,PFS14
,PFS24
,PFS2048
,PFSMM
andNone
. - sa
Data NumberSize In Kilobytes - The IPSec Security Association payload size in KB for a Site-to-Site VPN tunnel. Possible values are between
1024
and2147483647
. - sa
Lifetime NumberIn Seconds - The IPSec Security Association lifetime in seconds for a Site-to-Site VPN tunnel. Possible values are between
300
and172799
.
VirtualNetworkGatewayVpnClientConfigurationRadiusServer, VirtualNetworkGatewayVpnClientConfigurationRadiusServerArgs
VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate, VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
- Name string
- Specifies the name of the certificate resource.
- Thumbprint string
- Specifies the public data of the certificate.
- Name string
- Specifies the name of the certificate resource.
- Thumbprint string
- Specifies the public data of the certificate.
- name String
- Specifies the name of the certificate resource.
- thumbprint String
- Specifies the public data of the certificate.
- name string
- Specifies the name of the certificate resource.
- thumbprint string
- Specifies the public data of the certificate.
- name str
- Specifies the name of the certificate resource.
- thumbprint str
- Specifies the public data of the certificate.
- name String
- Specifies the name of the certificate resource.
- thumbprint String
- Specifies the public data of the certificate.
VirtualNetworkGatewayVpnClientConfigurationRootCertificate, VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
- Name string
- A user-defined name of the root certificate.
- Public
Cert stringData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
- Name string
- A user-defined name of the root certificate.
- Public
Cert stringData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
- name String
- A user-defined name of the root certificate.
- public
Cert StringData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
- name string
- A user-defined name of the root certificate.
- public
Cert stringData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
- name str
- A user-defined name of the root certificate.
- public_
cert_ strdata - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
- name String
- A user-defined name of the root certificate.
- public
Cert StringData - The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers, nor any newlines.
VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnection, VirtualNetworkGatewayVpnClientConfigurationVirtualNetworkGatewayClientConnectionArgs
- Address
Prefixes List<string> - A list of address prefixes for P2S VPN Client.
- Name string
- The name of the Virtual Network Gateway Client Connection.
- Policy
Group List<string>Names - A list of names of Virtual Network Gateway Policy Groups.
- Address
Prefixes []string - A list of address prefixes for P2S VPN Client.
- Name string
- The name of the Virtual Network Gateway Client Connection.
- Policy
Group []stringNames - A list of names of Virtual Network Gateway Policy Groups.
- address
Prefixes List<String> - A list of address prefixes for P2S VPN Client.
- name String
- The name of the Virtual Network Gateway Client Connection.
- policy
Group List<String>Names - A list of names of Virtual Network Gateway Policy Groups.
- address
Prefixes string[] - A list of address prefixes for P2S VPN Client.
- name string
- The name of the Virtual Network Gateway Client Connection.
- policy
Group string[]Names - A list of names of Virtual Network Gateway Policy Groups.
- address_
prefixes Sequence[str] - A list of address prefixes for P2S VPN Client.
- name str
- The name of the Virtual Network Gateway Client Connection.
- policy_
group_ Sequence[str]names - A list of names of Virtual Network Gateway Policy Groups.
- address
Prefixes List<String> - A list of address prefixes for P2S VPN Client.
- name String
- The name of the Virtual Network Gateway Client Connection.
- policy
Group List<String>Names - A list of names of Virtual Network Gateway Policy Groups.
Import
Virtual Network Gateways can be imported using the resource id
, e.g.
$ pulumi import azure:network/virtualNetworkGateway:VirtualNetworkGateway exampleGateway /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/virtualNetworkGateways/myGateway1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.