1. Packages
  2. Azure Classic
  3. API Docs
  4. network
  5. VirtualNetworkGatewayConnection

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

azure.network.VirtualNetworkGatewayConnection

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages a connection in an existing Virtual Network Gateway.

    Example Usage

    Site-to-Site connection

    The following example shows a connection between an Azure virtual network and an on-premises VPN device and network.

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "test",
        location: "West US",
    });
    const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        addressSpaces: ["10.0.0.0/16"],
    });
    const exampleSubnet = new azure.network.Subnet("example", {
        name: "GatewaySubnet",
        resourceGroupName: example.name,
        virtualNetworkName: exampleVirtualNetwork.name,
        addressPrefixes: ["10.0.1.0/24"],
    });
    const onpremise = new azure.network.LocalNetworkGateway("onpremise", {
        name: "onpremise",
        location: example.location,
        resourceGroupName: example.name,
        gatewayAddress: "168.62.225.23",
        addressSpaces: ["10.1.1.0/24"],
    });
    const examplePublicIp = new azure.network.PublicIp("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        allocationMethod: "Dynamic",
    });
    const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("example", {
        name: "test",
        location: example.location,
        resourceGroupName: example.name,
        type: "Vpn",
        vpnType: "RouteBased",
        activeActive: false,
        enableBgp: false,
        sku: "Basic",
        ipConfigurations: [{
            publicIpAddressId: examplePublicIp.id,
            privateIpAddressAllocation: "Dynamic",
            subnetId: exampleSubnet.id,
        }],
    });
    const onpremiseVirtualNetworkGatewayConnection = new azure.network.VirtualNetworkGatewayConnection("onpremise", {
        name: "onpremise",
        location: example.location,
        resourceGroupName: example.name,
        type: "IPsec",
        virtualNetworkGatewayId: exampleVirtualNetworkGateway.id,
        localNetworkGatewayId: onpremise.id,
        sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="test",
        location="West US")
    example_virtual_network = azure.network.VirtualNetwork("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        address_spaces=["10.0.0.0/16"])
    example_subnet = azure.network.Subnet("example",
        name="GatewaySubnet",
        resource_group_name=example.name,
        virtual_network_name=example_virtual_network.name,
        address_prefixes=["10.0.1.0/24"])
    onpremise = azure.network.LocalNetworkGateway("onpremise",
        name="onpremise",
        location=example.location,
        resource_group_name=example.name,
        gateway_address="168.62.225.23",
        address_spaces=["10.1.1.0/24"])
    example_public_ip = azure.network.PublicIp("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        allocation_method="Dynamic")
    example_virtual_network_gateway = azure.network.VirtualNetworkGateway("example",
        name="test",
        location=example.location,
        resource_group_name=example.name,
        type="Vpn",
        vpn_type="RouteBased",
        active_active=False,
        enable_bgp=False,
        sku="Basic",
        ip_configurations=[{
            "public_ip_address_id": example_public_ip.id,
            "private_ip_address_allocation": "Dynamic",
            "subnet_id": example_subnet.id,
        }])
    onpremise_virtual_network_gateway_connection = azure.network.VirtualNetworkGatewayConnection("onpremise",
        name="onpremise",
        location=example.location,
        resource_group_name=example.name,
        type="IPsec",
        virtual_network_gateway_id=example_virtual_network_gateway.id,
        local_network_gateway_id=onpremise.id,
        shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("test"),
    			Location: pulumi.String("West US"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.0.0.0/16"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
    			Name:               pulumi.String("GatewaySubnet"),
    			ResourceGroupName:  example.Name,
    			VirtualNetworkName: exampleVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		onpremise, err := network.NewLocalNetworkGateway(ctx, "onpremise", &network.LocalNetworkGatewayArgs{
    			Name:              pulumi.String("onpremise"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			GatewayAddress:    pulumi.String("168.62.225.23"),
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.1.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			AllocationMethod:  pulumi.String("Dynamic"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "example", &network.VirtualNetworkGatewayArgs{
    			Name:              pulumi.String("test"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Type:              pulumi.String("Vpn"),
    			VpnType:           pulumi.String("RouteBased"),
    			ActiveActive:      pulumi.Bool(false),
    			EnableBgp:         pulumi.Bool(false),
    			Sku:               pulumi.String("Basic"),
    			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
    				&network.VirtualNetworkGatewayIpConfigurationArgs{
    					PublicIpAddressId:          examplePublicIp.ID(),
    					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
    					SubnetId:                   exampleSubnet.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "onpremise", &network.VirtualNetworkGatewayConnectionArgs{
    			Name:                    pulumi.String("onpremise"),
    			Location:                example.Location,
    			ResourceGroupName:       example.Name,
    			Type:                    pulumi.String("IPsec"),
    			VirtualNetworkGatewayId: exampleVirtualNetworkGateway.ID(),
    			LocalNetworkGatewayId:   onpremise.ID(),
    			SharedKey:               pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "test",
            Location = "West US",
        });
    
        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            AddressSpaces = new[]
            {
                "10.0.0.0/16",
            },
        });
    
        var exampleSubnet = new Azure.Network.Subnet("example", new()
        {
            Name = "GatewaySubnet",
            ResourceGroupName = example.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.1.0/24",
            },
        });
    
        var onpremise = new Azure.Network.LocalNetworkGateway("onpremise", new()
        {
            Name = "onpremise",
            Location = example.Location,
            ResourceGroupName = example.Name,
            GatewayAddress = "168.62.225.23",
            AddressSpaces = new[]
            {
                "10.1.1.0/24",
            },
        });
    
        var examplePublicIp = new Azure.Network.PublicIp("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            AllocationMethod = "Dynamic",
        });
    
        var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("example", new()
        {
            Name = "test",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            ActiveActive = false,
            EnableBgp = false,
            Sku = "Basic",
            IpConfigurations = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = examplePublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = exampleSubnet.Id,
                },
            },
        });
    
        var onpremiseVirtualNetworkGatewayConnection = new Azure.Network.VirtualNetworkGatewayConnection("onpremise", new()
        {
            Name = "onpremise",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Type = "IPsec",
            VirtualNetworkGatewayId = exampleVirtualNetworkGateway.Id,
            LocalNetworkGatewayId = onpremise.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.VirtualNetwork;
    import com.pulumi.azure.network.VirtualNetworkArgs;
    import com.pulumi.azure.network.Subnet;
    import com.pulumi.azure.network.SubnetArgs;
    import com.pulumi.azure.network.LocalNetworkGateway;
    import com.pulumi.azure.network.LocalNetworkGatewayArgs;
    import com.pulumi.azure.network.PublicIp;
    import com.pulumi.azure.network.PublicIpArgs;
    import com.pulumi.azure.network.VirtualNetworkGateway;
    import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
    import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
    import com.pulumi.azure.network.VirtualNetworkGatewayConnection;
    import com.pulumi.azure.network.VirtualNetworkGatewayConnectionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("test")
                .location("West US")
                .build());
    
            var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .addressSpaces("10.0.0.0/16")
                .build());
    
            var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
                .name("GatewaySubnet")
                .resourceGroupName(example.name())
                .virtualNetworkName(exampleVirtualNetwork.name())
                .addressPrefixes("10.0.1.0/24")
                .build());
    
            var onpremise = new LocalNetworkGateway("onpremise", LocalNetworkGatewayArgs.builder()
                .name("onpremise")
                .location(example.location())
                .resourceGroupName(example.name())
                .gatewayAddress("168.62.225.23")
                .addressSpaces("10.1.1.0/24")
                .build());
    
            var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .allocationMethod("Dynamic")
                .build());
    
            var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
                .name("test")
                .location(example.location())
                .resourceGroupName(example.name())
                .type("Vpn")
                .vpnType("RouteBased")
                .activeActive(false)
                .enableBgp(false)
                .sku("Basic")
                .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                    .publicIpAddressId(examplePublicIp.id())
                    .privateIpAddressAllocation("Dynamic")
                    .subnetId(exampleSubnet.id())
                    .build())
                .build());
    
            var onpremiseVirtualNetworkGatewayConnection = new VirtualNetworkGatewayConnection("onpremiseVirtualNetworkGatewayConnection", VirtualNetworkGatewayConnectionArgs.builder()
                .name("onpremise")
                .location(example.location())
                .resourceGroupName(example.name())
                .type("IPsec")
                .virtualNetworkGatewayId(exampleVirtualNetworkGateway.id())
                .localNetworkGatewayId(onpremise.id())
                .sharedKey("4-v3ry-53cr37-1p53c-5h4r3d-k3y")
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: test
          location: West US
      exampleVirtualNetwork:
        type: azure:network:VirtualNetwork
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          addressSpaces:
            - 10.0.0.0/16
      exampleSubnet:
        type: azure:network:Subnet
        name: example
        properties:
          name: GatewaySubnet
          resourceGroupName: ${example.name}
          virtualNetworkName: ${exampleVirtualNetwork.name}
          addressPrefixes:
            - 10.0.1.0/24
      onpremise:
        type: azure:network:LocalNetworkGateway
        properties:
          name: onpremise
          location: ${example.location}
          resourceGroupName: ${example.name}
          gatewayAddress: 168.62.225.23
          addressSpaces:
            - 10.1.1.0/24
      examplePublicIp:
        type: azure:network:PublicIp
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          allocationMethod: Dynamic
      exampleVirtualNetworkGateway:
        type: azure:network:VirtualNetworkGateway
        name: example
        properties:
          name: test
          location: ${example.location}
          resourceGroupName: ${example.name}
          type: Vpn
          vpnType: RouteBased
          activeActive: false
          enableBgp: false
          sku: Basic
          ipConfigurations:
            - publicIpAddressId: ${examplePublicIp.id}
              privateIpAddressAllocation: Dynamic
              subnetId: ${exampleSubnet.id}
      onpremiseVirtualNetworkGatewayConnection:
        type: azure:network:VirtualNetworkGatewayConnection
        name: onpremise
        properties:
          name: onpremise
          location: ${example.location}
          resourceGroupName: ${example.name}
          type: IPsec
          virtualNetworkGatewayId: ${exampleVirtualNetworkGateway.id}
          localNetworkGatewayId: ${onpremise.id}
          sharedKey: 4-v3ry-53cr37-1p53c-5h4r3d-k3y
    

    VNet-to-VNet connection

    The following example shows a connection between two Azure virtual network in different locations/regions.

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const us = new azure.core.ResourceGroup("us", {
        name: "us",
        location: "East US",
    });
    const usVirtualNetwork = new azure.network.VirtualNetwork("us", {
        name: "us",
        location: us.location,
        resourceGroupName: us.name,
        addressSpaces: ["10.0.0.0/16"],
    });
    const usGateway = new azure.network.Subnet("us_gateway", {
        name: "GatewaySubnet",
        resourceGroupName: us.name,
        virtualNetworkName: usVirtualNetwork.name,
        addressPrefixes: ["10.0.1.0/24"],
    });
    const usPublicIp = new azure.network.PublicIp("us", {
        name: "us",
        location: us.location,
        resourceGroupName: us.name,
        allocationMethod: "Dynamic",
    });
    const usVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("us", {
        name: "us-gateway",
        location: us.location,
        resourceGroupName: us.name,
        type: "Vpn",
        vpnType: "RouteBased",
        sku: "Basic",
        ipConfigurations: [{
            publicIpAddressId: usPublicIp.id,
            privateIpAddressAllocation: "Dynamic",
            subnetId: usGateway.id,
        }],
    });
    const europe = new azure.core.ResourceGroup("europe", {
        name: "europe",
        location: "West Europe",
    });
    const europeVirtualNetwork = new azure.network.VirtualNetwork("europe", {
        name: "europe",
        location: europe.location,
        resourceGroupName: europe.name,
        addressSpaces: ["10.1.0.0/16"],
    });
    const europeGateway = new azure.network.Subnet("europe_gateway", {
        name: "GatewaySubnet",
        resourceGroupName: europe.name,
        virtualNetworkName: europeVirtualNetwork.name,
        addressPrefixes: ["10.1.1.0/24"],
    });
    const europePublicIp = new azure.network.PublicIp("europe", {
        name: "europe",
        location: europe.location,
        resourceGroupName: europe.name,
        allocationMethod: "Dynamic",
    });
    const europeVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("europe", {
        name: "europe-gateway",
        location: europe.location,
        resourceGroupName: europe.name,
        type: "Vpn",
        vpnType: "RouteBased",
        sku: "Basic",
        ipConfigurations: [{
            publicIpAddressId: europePublicIp.id,
            privateIpAddressAllocation: "Dynamic",
            subnetId: europeGateway.id,
        }],
    });
    const usToEurope = new azure.network.VirtualNetworkGatewayConnection("us_to_europe", {
        name: "us-to-europe",
        location: us.location,
        resourceGroupName: us.name,
        type: "Vnet2Vnet",
        virtualNetworkGatewayId: usVirtualNetworkGateway.id,
        peerVirtualNetworkGatewayId: europeVirtualNetworkGateway.id,
        sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
    });
    const europeToUs = new azure.network.VirtualNetworkGatewayConnection("europe_to_us", {
        name: "europe-to-us",
        location: europe.location,
        resourceGroupName: europe.name,
        type: "Vnet2Vnet",
        virtualNetworkGatewayId: europeVirtualNetworkGateway.id,
        peerVirtualNetworkGatewayId: usVirtualNetworkGateway.id,
        sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
    });
    
    import pulumi
    import pulumi_azure as azure
    
    us = azure.core.ResourceGroup("us",
        name="us",
        location="East US")
    us_virtual_network = azure.network.VirtualNetwork("us",
        name="us",
        location=us.location,
        resource_group_name=us.name,
        address_spaces=["10.0.0.0/16"])
    us_gateway = azure.network.Subnet("us_gateway",
        name="GatewaySubnet",
        resource_group_name=us.name,
        virtual_network_name=us_virtual_network.name,
        address_prefixes=["10.0.1.0/24"])
    us_public_ip = azure.network.PublicIp("us",
        name="us",
        location=us.location,
        resource_group_name=us.name,
        allocation_method="Dynamic")
    us_virtual_network_gateway = azure.network.VirtualNetworkGateway("us",
        name="us-gateway",
        location=us.location,
        resource_group_name=us.name,
        type="Vpn",
        vpn_type="RouteBased",
        sku="Basic",
        ip_configurations=[{
            "public_ip_address_id": us_public_ip.id,
            "private_ip_address_allocation": "Dynamic",
            "subnet_id": us_gateway.id,
        }])
    europe = azure.core.ResourceGroup("europe",
        name="europe",
        location="West Europe")
    europe_virtual_network = azure.network.VirtualNetwork("europe",
        name="europe",
        location=europe.location,
        resource_group_name=europe.name,
        address_spaces=["10.1.0.0/16"])
    europe_gateway = azure.network.Subnet("europe_gateway",
        name="GatewaySubnet",
        resource_group_name=europe.name,
        virtual_network_name=europe_virtual_network.name,
        address_prefixes=["10.1.1.0/24"])
    europe_public_ip = azure.network.PublicIp("europe",
        name="europe",
        location=europe.location,
        resource_group_name=europe.name,
        allocation_method="Dynamic")
    europe_virtual_network_gateway = azure.network.VirtualNetworkGateway("europe",
        name="europe-gateway",
        location=europe.location,
        resource_group_name=europe.name,
        type="Vpn",
        vpn_type="RouteBased",
        sku="Basic",
        ip_configurations=[{
            "public_ip_address_id": europe_public_ip.id,
            "private_ip_address_allocation": "Dynamic",
            "subnet_id": europe_gateway.id,
        }])
    us_to_europe = azure.network.VirtualNetworkGatewayConnection("us_to_europe",
        name="us-to-europe",
        location=us.location,
        resource_group_name=us.name,
        type="Vnet2Vnet",
        virtual_network_gateway_id=us_virtual_network_gateway.id,
        peer_virtual_network_gateway_id=europe_virtual_network_gateway.id,
        shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")
    europe_to_us = azure.network.VirtualNetworkGatewayConnection("europe_to_us",
        name="europe-to-us",
        location=europe.location,
        resource_group_name=europe.name,
        type="Vnet2Vnet",
        virtual_network_gateway_id=europe_virtual_network_gateway.id,
        peer_virtual_network_gateway_id=us_virtual_network_gateway.id,
        shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		us, err := core.NewResourceGroup(ctx, "us", &core.ResourceGroupArgs{
    			Name:     pulumi.String("us"),
    			Location: pulumi.String("East US"),
    		})
    		if err != nil {
    			return err
    		}
    		usVirtualNetwork, err := network.NewVirtualNetwork(ctx, "us", &network.VirtualNetworkArgs{
    			Name:              pulumi.String("us"),
    			Location:          us.Location,
    			ResourceGroupName: us.Name,
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.0.0.0/16"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		usGateway, err := network.NewSubnet(ctx, "us_gateway", &network.SubnetArgs{
    			Name:               pulumi.String("GatewaySubnet"),
    			ResourceGroupName:  us.Name,
    			VirtualNetworkName: usVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		usPublicIp, err := network.NewPublicIp(ctx, "us", &network.PublicIpArgs{
    			Name:              pulumi.String("us"),
    			Location:          us.Location,
    			ResourceGroupName: us.Name,
    			AllocationMethod:  pulumi.String("Dynamic"),
    		})
    		if err != nil {
    			return err
    		}
    		usVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "us", &network.VirtualNetworkGatewayArgs{
    			Name:              pulumi.String("us-gateway"),
    			Location:          us.Location,
    			ResourceGroupName: us.Name,
    			Type:              pulumi.String("Vpn"),
    			VpnType:           pulumi.String("RouteBased"),
    			Sku:               pulumi.String("Basic"),
    			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
    				&network.VirtualNetworkGatewayIpConfigurationArgs{
    					PublicIpAddressId:          usPublicIp.ID(),
    					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
    					SubnetId:                   usGateway.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		europe, err := core.NewResourceGroup(ctx, "europe", &core.ResourceGroupArgs{
    			Name:     pulumi.String("europe"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		europeVirtualNetwork, err := network.NewVirtualNetwork(ctx, "europe", &network.VirtualNetworkArgs{
    			Name:              pulumi.String("europe"),
    			Location:          europe.Location,
    			ResourceGroupName: europe.Name,
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.1.0.0/16"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		europeGateway, err := network.NewSubnet(ctx, "europe_gateway", &network.SubnetArgs{
    			Name:               pulumi.String("GatewaySubnet"),
    			ResourceGroupName:  europe.Name,
    			VirtualNetworkName: europeVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.1.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		europePublicIp, err := network.NewPublicIp(ctx, "europe", &network.PublicIpArgs{
    			Name:              pulumi.String("europe"),
    			Location:          europe.Location,
    			ResourceGroupName: europe.Name,
    			AllocationMethod:  pulumi.String("Dynamic"),
    		})
    		if err != nil {
    			return err
    		}
    		europeVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "europe", &network.VirtualNetworkGatewayArgs{
    			Name:              pulumi.String("europe-gateway"),
    			Location:          europe.Location,
    			ResourceGroupName: europe.Name,
    			Type:              pulumi.String("Vpn"),
    			VpnType:           pulumi.String("RouteBased"),
    			Sku:               pulumi.String("Basic"),
    			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
    				&network.VirtualNetworkGatewayIpConfigurationArgs{
    					PublicIpAddressId:          europePublicIp.ID(),
    					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
    					SubnetId:                   europeGateway.ID(),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "us_to_europe", &network.VirtualNetworkGatewayConnectionArgs{
    			Name:                        pulumi.String("us-to-europe"),
    			Location:                    us.Location,
    			ResourceGroupName:           us.Name,
    			Type:                        pulumi.String("Vnet2Vnet"),
    			VirtualNetworkGatewayId:     usVirtualNetworkGateway.ID(),
    			PeerVirtualNetworkGatewayId: europeVirtualNetworkGateway.ID(),
    			SharedKey:                   pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "europe_to_us", &network.VirtualNetworkGatewayConnectionArgs{
    			Name:                        pulumi.String("europe-to-us"),
    			Location:                    europe.Location,
    			ResourceGroupName:           europe.Name,
    			Type:                        pulumi.String("Vnet2Vnet"),
    			VirtualNetworkGatewayId:     europeVirtualNetworkGateway.ID(),
    			PeerVirtualNetworkGatewayId: usVirtualNetworkGateway.ID(),
    			SharedKey:                   pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var us = new Azure.Core.ResourceGroup("us", new()
        {
            Name = "us",
            Location = "East US",
        });
    
        var usVirtualNetwork = new Azure.Network.VirtualNetwork("us", new()
        {
            Name = "us",
            Location = us.Location,
            ResourceGroupName = us.Name,
            AddressSpaces = new[]
            {
                "10.0.0.0/16",
            },
        });
    
        var usGateway = new Azure.Network.Subnet("us_gateway", new()
        {
            Name = "GatewaySubnet",
            ResourceGroupName = us.Name,
            VirtualNetworkName = usVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.1.0/24",
            },
        });
    
        var usPublicIp = new Azure.Network.PublicIp("us", new()
        {
            Name = "us",
            Location = us.Location,
            ResourceGroupName = us.Name,
            AllocationMethod = "Dynamic",
        });
    
        var usVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("us", new()
        {
            Name = "us-gateway",
            Location = us.Location,
            ResourceGroupName = us.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            Sku = "Basic",
            IpConfigurations = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = usPublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = usGateway.Id,
                },
            },
        });
    
        var europe = new Azure.Core.ResourceGroup("europe", new()
        {
            Name = "europe",
            Location = "West Europe",
        });
    
        var europeVirtualNetwork = new Azure.Network.VirtualNetwork("europe", new()
        {
            Name = "europe",
            Location = europe.Location,
            ResourceGroupName = europe.Name,
            AddressSpaces = new[]
            {
                "10.1.0.0/16",
            },
        });
    
        var europeGateway = new Azure.Network.Subnet("europe_gateway", new()
        {
            Name = "GatewaySubnet",
            ResourceGroupName = europe.Name,
            VirtualNetworkName = europeVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.1.1.0/24",
            },
        });
    
        var europePublicIp = new Azure.Network.PublicIp("europe", new()
        {
            Name = "europe",
            Location = europe.Location,
            ResourceGroupName = europe.Name,
            AllocationMethod = "Dynamic",
        });
    
        var europeVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("europe", new()
        {
            Name = "europe-gateway",
            Location = europe.Location,
            ResourceGroupName = europe.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            Sku = "Basic",
            IpConfigurations = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = europePublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = europeGateway.Id,
                },
            },
        });
    
        var usToEurope = new Azure.Network.VirtualNetworkGatewayConnection("us_to_europe", new()
        {
            Name = "us-to-europe",
            Location = us.Location,
            ResourceGroupName = us.Name,
            Type = "Vnet2Vnet",
            VirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
            PeerVirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
    
        var europeToUs = new Azure.Network.VirtualNetworkGatewayConnection("europe_to_us", new()
        {
            Name = "europe-to-us",
            Location = europe.Location,
            ResourceGroupName = europe.Name,
            Type = "Vnet2Vnet",
            VirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
            PeerVirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.VirtualNetwork;
    import com.pulumi.azure.network.VirtualNetworkArgs;
    import com.pulumi.azure.network.Subnet;
    import com.pulumi.azure.network.SubnetArgs;
    import com.pulumi.azure.network.PublicIp;
    import com.pulumi.azure.network.PublicIpArgs;
    import com.pulumi.azure.network.VirtualNetworkGateway;
    import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
    import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
    import com.pulumi.azure.network.VirtualNetworkGatewayConnection;
    import com.pulumi.azure.network.VirtualNetworkGatewayConnectionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var us = new ResourceGroup("us", ResourceGroupArgs.builder()
                .name("us")
                .location("East US")
                .build());
    
            var usVirtualNetwork = new VirtualNetwork("usVirtualNetwork", VirtualNetworkArgs.builder()
                .name("us")
                .location(us.location())
                .resourceGroupName(us.name())
                .addressSpaces("10.0.0.0/16")
                .build());
    
            var usGateway = new Subnet("usGateway", SubnetArgs.builder()
                .name("GatewaySubnet")
                .resourceGroupName(us.name())
                .virtualNetworkName(usVirtualNetwork.name())
                .addressPrefixes("10.0.1.0/24")
                .build());
    
            var usPublicIp = new PublicIp("usPublicIp", PublicIpArgs.builder()
                .name("us")
                .location(us.location())
                .resourceGroupName(us.name())
                .allocationMethod("Dynamic")
                .build());
    
            var usVirtualNetworkGateway = new VirtualNetworkGateway("usVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
                .name("us-gateway")
                .location(us.location())
                .resourceGroupName(us.name())
                .type("Vpn")
                .vpnType("RouteBased")
                .sku("Basic")
                .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                    .publicIpAddressId(usPublicIp.id())
                    .privateIpAddressAllocation("Dynamic")
                    .subnetId(usGateway.id())
                    .build())
                .build());
    
            var europe = new ResourceGroup("europe", ResourceGroupArgs.builder()
                .name("europe")
                .location("West Europe")
                .build());
    
            var europeVirtualNetwork = new VirtualNetwork("europeVirtualNetwork", VirtualNetworkArgs.builder()
                .name("europe")
                .location(europe.location())
                .resourceGroupName(europe.name())
                .addressSpaces("10.1.0.0/16")
                .build());
    
            var europeGateway = new Subnet("europeGateway", SubnetArgs.builder()
                .name("GatewaySubnet")
                .resourceGroupName(europe.name())
                .virtualNetworkName(europeVirtualNetwork.name())
                .addressPrefixes("10.1.1.0/24")
                .build());
    
            var europePublicIp = new PublicIp("europePublicIp", PublicIpArgs.builder()
                .name("europe")
                .location(europe.location())
                .resourceGroupName(europe.name())
                .allocationMethod("Dynamic")
                .build());
    
            var europeVirtualNetworkGateway = new VirtualNetworkGateway("europeVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
                .name("europe-gateway")
                .location(europe.location())
                .resourceGroupName(europe.name())
                .type("Vpn")
                .vpnType("RouteBased")
                .sku("Basic")
                .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                    .publicIpAddressId(europePublicIp.id())
                    .privateIpAddressAllocation("Dynamic")
                    .subnetId(europeGateway.id())
                    .build())
                .build());
    
            var usToEurope = new VirtualNetworkGatewayConnection("usToEurope", VirtualNetworkGatewayConnectionArgs.builder()
                .name("us-to-europe")
                .location(us.location())
                .resourceGroupName(us.name())
                .type("Vnet2Vnet")
                .virtualNetworkGatewayId(usVirtualNetworkGateway.id())
                .peerVirtualNetworkGatewayId(europeVirtualNetworkGateway.id())
                .sharedKey("4-v3ry-53cr37-1p53c-5h4r3d-k3y")
                .build());
    
            var europeToUs = new VirtualNetworkGatewayConnection("europeToUs", VirtualNetworkGatewayConnectionArgs.builder()
                .name("europe-to-us")
                .location(europe.location())
                .resourceGroupName(europe.name())
                .type("Vnet2Vnet")
                .virtualNetworkGatewayId(europeVirtualNetworkGateway.id())
                .peerVirtualNetworkGatewayId(usVirtualNetworkGateway.id())
                .sharedKey("4-v3ry-53cr37-1p53c-5h4r3d-k3y")
                .build());
    
        }
    }
    
    resources:
      us:
        type: azure:core:ResourceGroup
        properties:
          name: us
          location: East US
      usVirtualNetwork:
        type: azure:network:VirtualNetwork
        name: us
        properties:
          name: us
          location: ${us.location}
          resourceGroupName: ${us.name}
          addressSpaces:
            - 10.0.0.0/16
      usGateway:
        type: azure:network:Subnet
        name: us_gateway
        properties:
          name: GatewaySubnet
          resourceGroupName: ${us.name}
          virtualNetworkName: ${usVirtualNetwork.name}
          addressPrefixes:
            - 10.0.1.0/24
      usPublicIp:
        type: azure:network:PublicIp
        name: us
        properties:
          name: us
          location: ${us.location}
          resourceGroupName: ${us.name}
          allocationMethod: Dynamic
      usVirtualNetworkGateway:
        type: azure:network:VirtualNetworkGateway
        name: us
        properties:
          name: us-gateway
          location: ${us.location}
          resourceGroupName: ${us.name}
          type: Vpn
          vpnType: RouteBased
          sku: Basic
          ipConfigurations:
            - publicIpAddressId: ${usPublicIp.id}
              privateIpAddressAllocation: Dynamic
              subnetId: ${usGateway.id}
      europe:
        type: azure:core:ResourceGroup
        properties:
          name: europe
          location: West Europe
      europeVirtualNetwork:
        type: azure:network:VirtualNetwork
        name: europe
        properties:
          name: europe
          location: ${europe.location}
          resourceGroupName: ${europe.name}
          addressSpaces:
            - 10.1.0.0/16
      europeGateway:
        type: azure:network:Subnet
        name: europe_gateway
        properties:
          name: GatewaySubnet
          resourceGroupName: ${europe.name}
          virtualNetworkName: ${europeVirtualNetwork.name}
          addressPrefixes:
            - 10.1.1.0/24
      europePublicIp:
        type: azure:network:PublicIp
        name: europe
        properties:
          name: europe
          location: ${europe.location}
          resourceGroupName: ${europe.name}
          allocationMethod: Dynamic
      europeVirtualNetworkGateway:
        type: azure:network:VirtualNetworkGateway
        name: europe
        properties:
          name: europe-gateway
          location: ${europe.location}
          resourceGroupName: ${europe.name}
          type: Vpn
          vpnType: RouteBased
          sku: Basic
          ipConfigurations:
            - publicIpAddressId: ${europePublicIp.id}
              privateIpAddressAllocation: Dynamic
              subnetId: ${europeGateway.id}
      usToEurope:
        type: azure:network:VirtualNetworkGatewayConnection
        name: us_to_europe
        properties:
          name: us-to-europe
          location: ${us.location}
          resourceGroupName: ${us.name}
          type: Vnet2Vnet
          virtualNetworkGatewayId: ${usVirtualNetworkGateway.id}
          peerVirtualNetworkGatewayId: ${europeVirtualNetworkGateway.id}
          sharedKey: 4-v3ry-53cr37-1p53c-5h4r3d-k3y
      europeToUs:
        type: azure:network:VirtualNetworkGatewayConnection
        name: europe_to_us
        properties:
          name: europe-to-us
          location: ${europe.location}
          resourceGroupName: ${europe.name}
          type: Vnet2Vnet
          virtualNetworkGatewayId: ${europeVirtualNetworkGateway.id}
          peerVirtualNetworkGatewayId: ${usVirtualNetworkGateway.id}
          sharedKey: 4-v3ry-53cr37-1p53c-5h4r3d-k3y
    

    Create VirtualNetworkGatewayConnection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new VirtualNetworkGatewayConnection(name: string, args: VirtualNetworkGatewayConnectionArgs, opts?: CustomResourceOptions);
    @overload
    def VirtualNetworkGatewayConnection(resource_name: str,
                                        args: VirtualNetworkGatewayConnectionArgs,
                                        opts: Optional[ResourceOptions] = None)
    
    @overload
    def VirtualNetworkGatewayConnection(resource_name: str,
                                        opts: Optional[ResourceOptions] = None,
                                        resource_group_name: Optional[str] = None,
                                        virtual_network_gateway_id: Optional[str] = None,
                                        type: Optional[str] = None,
                                        local_network_gateway_id: Optional[str] = None,
                                        name: Optional[str] = None,
                                        egress_nat_rule_ids: Optional[Sequence[str]] = None,
                                        enable_bgp: Optional[bool] = None,
                                        express_route_circuit_id: Optional[str] = None,
                                        express_route_gateway_bypass: Optional[bool] = None,
                                        ingress_nat_rule_ids: Optional[Sequence[str]] = None,
                                        ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
                                        local_azure_ip_address_enabled: Optional[bool] = None,
                                        authorization_key: Optional[str] = None,
                                        location: Optional[str] = None,
                                        dpd_timeout_seconds: Optional[int] = None,
                                        peer_virtual_network_gateway_id: Optional[str] = None,
                                        private_link_fast_path_enabled: Optional[bool] = None,
                                        custom_bgp_addresses: Optional[VirtualNetworkGatewayConnectionCustomBgpAddressesArgs] = None,
                                        routing_weight: Optional[int] = None,
                                        shared_key: Optional[str] = None,
                                        tags: Optional[Mapping[str, str]] = None,
                                        traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
                                        connection_protocol: Optional[str] = None,
                                        use_policy_based_traffic_selectors: Optional[bool] = None,
                                        connection_mode: Optional[str] = None)
    func NewVirtualNetworkGatewayConnection(ctx *Context, name string, args VirtualNetworkGatewayConnectionArgs, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)
    public VirtualNetworkGatewayConnection(string name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions? opts = null)
    public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args)
    public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions options)
    
    type: azure:network:VirtualNetworkGatewayConnection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VirtualNetworkGatewayConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VirtualNetworkGatewayConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VirtualNetworkGatewayConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VirtualNetworkGatewayConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VirtualNetworkGatewayConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var virtualNetworkGatewayConnectionResource = new Azure.Network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", new()
    {
        ResourceGroupName = "string",
        VirtualNetworkGatewayId = "string",
        Type = "string",
        LocalNetworkGatewayId = "string",
        Name = "string",
        EgressNatRuleIds = new[]
        {
            "string",
        },
        EnableBgp = false,
        ExpressRouteCircuitId = "string",
        ExpressRouteGatewayBypass = false,
        IngressNatRuleIds = new[]
        {
            "string",
        },
        IpsecPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionIpsecPolicyArgs
        {
            DhGroup = "string",
            IkeEncryption = "string",
            IkeIntegrity = "string",
            IpsecEncryption = "string",
            IpsecIntegrity = "string",
            PfsGroup = "string",
            SaDatasize = 0,
            SaLifetime = 0,
        },
        LocalAzureIpAddressEnabled = false,
        AuthorizationKey = "string",
        Location = "string",
        DpdTimeoutSeconds = 0,
        PeerVirtualNetworkGatewayId = "string",
        PrivateLinkFastPathEnabled = false,
        CustomBgpAddresses = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
        {
            Primary = "string",
            Secondary = "string",
        },
        RoutingWeight = 0,
        SharedKey = "string",
        Tags = 
        {
            { "string", "string" },
        },
        TrafficSelectorPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
        {
            LocalAddressCidrs = new[]
            {
                "string",
            },
            RemoteAddressCidrs = new[]
            {
                "string",
            },
        },
        ConnectionProtocol = "string",
        UsePolicyBasedTrafficSelectors = false,
        ConnectionMode = "string",
    });
    
    example, err := network.NewVirtualNetworkGatewayConnection(ctx, "virtualNetworkGatewayConnectionResource", &network.VirtualNetworkGatewayConnectionArgs{
    	ResourceGroupName:       pulumi.String("string"),
    	VirtualNetworkGatewayId: pulumi.String("string"),
    	Type:                    pulumi.String("string"),
    	LocalNetworkGatewayId:   pulumi.String("string"),
    	Name:                    pulumi.String("string"),
    	EgressNatRuleIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	EnableBgp:                 pulumi.Bool(false),
    	ExpressRouteCircuitId:     pulumi.String("string"),
    	ExpressRouteGatewayBypass: pulumi.Bool(false),
    	IngressNatRuleIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IpsecPolicy: &network.VirtualNetworkGatewayConnectionIpsecPolicyArgs{
    		DhGroup:         pulumi.String("string"),
    		IkeEncryption:   pulumi.String("string"),
    		IkeIntegrity:    pulumi.String("string"),
    		IpsecEncryption: pulumi.String("string"),
    		IpsecIntegrity:  pulumi.String("string"),
    		PfsGroup:        pulumi.String("string"),
    		SaDatasize:      pulumi.Int(0),
    		SaLifetime:      pulumi.Int(0),
    	},
    	LocalAzureIpAddressEnabled:  pulumi.Bool(false),
    	AuthorizationKey:            pulumi.String("string"),
    	Location:                    pulumi.String("string"),
    	DpdTimeoutSeconds:           pulumi.Int(0),
    	PeerVirtualNetworkGatewayId: pulumi.String("string"),
    	PrivateLinkFastPathEnabled:  pulumi.Bool(false),
    	CustomBgpAddresses: &network.VirtualNetworkGatewayConnectionCustomBgpAddressesArgs{
    		Primary:   pulumi.String("string"),
    		Secondary: pulumi.String("string"),
    	},
    	RoutingWeight: pulumi.Int(0),
    	SharedKey:     pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	TrafficSelectorPolicy: &network.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs{
    		LocalAddressCidrs: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		RemoteAddressCidrs: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	ConnectionProtocol:             pulumi.String("string"),
    	UsePolicyBasedTrafficSelectors: pulumi.Bool(false),
    	ConnectionMode:                 pulumi.String("string"),
    })
    
    var virtualNetworkGatewayConnectionResource = new VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", VirtualNetworkGatewayConnectionArgs.builder()
        .resourceGroupName("string")
        .virtualNetworkGatewayId("string")
        .type("string")
        .localNetworkGatewayId("string")
        .name("string")
        .egressNatRuleIds("string")
        .enableBgp(false)
        .expressRouteCircuitId("string")
        .expressRouteGatewayBypass(false)
        .ingressNatRuleIds("string")
        .ipsecPolicy(VirtualNetworkGatewayConnectionIpsecPolicyArgs.builder()
            .dhGroup("string")
            .ikeEncryption("string")
            .ikeIntegrity("string")
            .ipsecEncryption("string")
            .ipsecIntegrity("string")
            .pfsGroup("string")
            .saDatasize(0)
            .saLifetime(0)
            .build())
        .localAzureIpAddressEnabled(false)
        .authorizationKey("string")
        .location("string")
        .dpdTimeoutSeconds(0)
        .peerVirtualNetworkGatewayId("string")
        .privateLinkFastPathEnabled(false)
        .customBgpAddresses(VirtualNetworkGatewayConnectionCustomBgpAddressesArgs.builder()
            .primary("string")
            .secondary("string")
            .build())
        .routingWeight(0)
        .sharedKey("string")
        .tags(Map.of("string", "string"))
        .trafficSelectorPolicy(VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs.builder()
            .localAddressCidrs("string")
            .remoteAddressCidrs("string")
            .build())
        .connectionProtocol("string")
        .usePolicyBasedTrafficSelectors(false)
        .connectionMode("string")
        .build());
    
    virtual_network_gateway_connection_resource = azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource",
        resource_group_name="string",
        virtual_network_gateway_id="string",
        type="string",
        local_network_gateway_id="string",
        name="string",
        egress_nat_rule_ids=["string"],
        enable_bgp=False,
        express_route_circuit_id="string",
        express_route_gateway_bypass=False,
        ingress_nat_rule_ids=["string"],
        ipsec_policy={
            "dh_group": "string",
            "ike_encryption": "string",
            "ike_integrity": "string",
            "ipsec_encryption": "string",
            "ipsec_integrity": "string",
            "pfs_group": "string",
            "sa_datasize": 0,
            "sa_lifetime": 0,
        },
        local_azure_ip_address_enabled=False,
        authorization_key="string",
        location="string",
        dpd_timeout_seconds=0,
        peer_virtual_network_gateway_id="string",
        private_link_fast_path_enabled=False,
        custom_bgp_addresses={
            "primary": "string",
            "secondary": "string",
        },
        routing_weight=0,
        shared_key="string",
        tags={
            "string": "string",
        },
        traffic_selector_policy={
            "local_address_cidrs": ["string"],
            "remote_address_cidrs": ["string"],
        },
        connection_protocol="string",
        use_policy_based_traffic_selectors=False,
        connection_mode="string")
    
    const virtualNetworkGatewayConnectionResource = new azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", {
        resourceGroupName: "string",
        virtualNetworkGatewayId: "string",
        type: "string",
        localNetworkGatewayId: "string",
        name: "string",
        egressNatRuleIds: ["string"],
        enableBgp: false,
        expressRouteCircuitId: "string",
        expressRouteGatewayBypass: false,
        ingressNatRuleIds: ["string"],
        ipsecPolicy: {
            dhGroup: "string",
            ikeEncryption: "string",
            ikeIntegrity: "string",
            ipsecEncryption: "string",
            ipsecIntegrity: "string",
            pfsGroup: "string",
            saDatasize: 0,
            saLifetime: 0,
        },
        localAzureIpAddressEnabled: false,
        authorizationKey: "string",
        location: "string",
        dpdTimeoutSeconds: 0,
        peerVirtualNetworkGatewayId: "string",
        privateLinkFastPathEnabled: false,
        customBgpAddresses: {
            primary: "string",
            secondary: "string",
        },
        routingWeight: 0,
        sharedKey: "string",
        tags: {
            string: "string",
        },
        trafficSelectorPolicy: {
            localAddressCidrs: ["string"],
            remoteAddressCidrs: ["string"],
        },
        connectionProtocol: "string",
        usePolicyBasedTrafficSelectors: false,
        connectionMode: "string",
    });
    
    type: azure:network:VirtualNetworkGatewayConnection
    properties:
        authorizationKey: string
        connectionMode: string
        connectionProtocol: string
        customBgpAddresses:
            primary: string
            secondary: string
        dpdTimeoutSeconds: 0
        egressNatRuleIds:
            - string
        enableBgp: false
        expressRouteCircuitId: string
        expressRouteGatewayBypass: false
        ingressNatRuleIds:
            - string
        ipsecPolicy:
            dhGroup: string
            ikeEncryption: string
            ikeIntegrity: string
            ipsecEncryption: string
            ipsecIntegrity: string
            pfsGroup: string
            saDatasize: 0
            saLifetime: 0
        localAzureIpAddressEnabled: false
        localNetworkGatewayId: string
        location: string
        name: string
        peerVirtualNetworkGatewayId: string
        privateLinkFastPathEnabled: false
        resourceGroupName: string
        routingWeight: 0
        sharedKey: string
        tags:
            string: string
        trafficSelectorPolicy:
            localAddressCidrs:
                - string
            remoteAddressCidrs:
                - string
        type: string
        usePolicyBasedTrafficSelectors: false
        virtualNetworkGatewayId: string
    

    VirtualNetworkGatewayConnection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The VirtualNetworkGatewayConnection resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    Type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    VirtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    AuthorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    ConnectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    ConnectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    CustomBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    DpdTimeoutSeconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    EgressNatRuleIds List<string>
    A list of the egress NAT Rule Ids.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    ExpressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    ExpressRouteGatewayBypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    IngressNatRuleIds List<string>
    A list of the ingress NAT Rule Ids.
    IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    LocalAzureIpAddressEnabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    LocalNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    Location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    Name string
    The name of the connection. Changing the name forces a new resource to be created.
    PeerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    PrivateLinkFastPathEnabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    RoutingWeight int
    The routing weight. Defaults to 10.
    SharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    UsePolicyBasedTrafficSelectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    ResourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    Type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    VirtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    AuthorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    ConnectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    ConnectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    CustomBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    DpdTimeoutSeconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    EgressNatRuleIds []string
    A list of the egress NAT Rule Ids.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    ExpressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    ExpressRouteGatewayBypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    IngressNatRuleIds []string
    A list of the ingress NAT Rule Ids.
    IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicyArgs
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    LocalAzureIpAddressEnabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    LocalNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    Location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    Name string
    The name of the connection. Changing the name forces a new resource to be created.
    PeerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    PrivateLinkFastPathEnabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    RoutingWeight int
    The routing weight. Defaults to 10.
    SharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    UsePolicyBasedTrafficSelectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    type String
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    virtualNetworkGatewayId String
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey String
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode String
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol String

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds Integer
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds List<String>
    A list of the egress NAT Rule Ids.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId String
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass Boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds List<String>
    A list of the ingress NAT Rule Ids.
    ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled Boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId String
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location String
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name String
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId String
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled Boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    routingWeight Integer
    The routing weight. Defaults to 10.
    sharedKey String
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    usePolicyBasedTrafficSelectors Boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    resourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    virtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds number
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds string[]
    A list of the egress NAT Rule Ids.
    enableBgp boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds string[]
    A list of the ingress NAT Rule Ids.
    ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name string
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    routingWeight number
    The routing weight. Defaults to 10.
    sharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    usePolicyBasedTrafficSelectors boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    resource_group_name str
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    type str
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    virtual_network_gateway_id str
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorization_key str
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connection_mode str
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connection_protocol str

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    custom_bgp_addresses VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpd_timeout_seconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egress_nat_rule_ids Sequence[str]
    A list of the egress NAT Rule Ids.
    enable_bgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    express_route_circuit_id str
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    express_route_gateway_bypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingress_nat_rule_ids Sequence[str]
    A list of the ingress NAT Rule Ids.
    ipsec_policy VirtualNetworkGatewayConnectionIpsecPolicyArgs
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    local_azure_ip_address_enabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    local_network_gateway_id str
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location str
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name str
    The name of the connection. Changing the name forces a new resource to be created.
    peer_virtual_network_gateway_id str
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    private_link_fast_path_enabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    routing_weight int
    The routing weight. Defaults to 10.
    shared_key str
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    traffic_selector_policy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    use_policy_based_traffic_selectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    type String
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    virtualNetworkGatewayId String
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey String
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode String
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol String

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses Property Map
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds Number
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds List<String>
    A list of the egress NAT Rule Ids.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId String
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass Boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds List<String>
    A list of the ingress NAT Rule Ids.
    ipsecPolicy Property Map
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled Boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId String
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location String
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name String
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId String
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled Boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    routingWeight Number
    The routing weight. Defaults to 10.
    sharedKey String
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Map<String>
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy Property Map
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    usePolicyBasedTrafficSelectors Boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGatewayConnection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing VirtualNetworkGatewayConnection Resource

    Get an existing VirtualNetworkGatewayConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayConnectionState, opts?: CustomResourceOptions): VirtualNetworkGatewayConnection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            authorization_key: Optional[str] = None,
            connection_mode: Optional[str] = None,
            connection_protocol: Optional[str] = None,
            custom_bgp_addresses: Optional[VirtualNetworkGatewayConnectionCustomBgpAddressesArgs] = None,
            dpd_timeout_seconds: Optional[int] = None,
            egress_nat_rule_ids: Optional[Sequence[str]] = None,
            enable_bgp: Optional[bool] = None,
            express_route_circuit_id: Optional[str] = None,
            express_route_gateway_bypass: Optional[bool] = None,
            ingress_nat_rule_ids: Optional[Sequence[str]] = None,
            ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
            local_azure_ip_address_enabled: Optional[bool] = None,
            local_network_gateway_id: Optional[str] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            peer_virtual_network_gateway_id: Optional[str] = None,
            private_link_fast_path_enabled: Optional[bool] = None,
            resource_group_name: Optional[str] = None,
            routing_weight: Optional[int] = None,
            shared_key: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
            type: Optional[str] = None,
            use_policy_based_traffic_selectors: Optional[bool] = None,
            virtual_network_gateway_id: Optional[str] = None) -> VirtualNetworkGatewayConnection
    func GetVirtualNetworkGatewayConnection(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayConnectionState, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)
    public static VirtualNetworkGatewayConnection Get(string name, Input<string> id, VirtualNetworkGatewayConnectionState? state, CustomResourceOptions? opts = null)
    public static VirtualNetworkGatewayConnection get(String name, Output<String> id, VirtualNetworkGatewayConnectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    ConnectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    ConnectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    CustomBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    DpdTimeoutSeconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    EgressNatRuleIds List<string>
    A list of the egress NAT Rule Ids.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    ExpressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    ExpressRouteGatewayBypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    IngressNatRuleIds List<string>
    A list of the ingress NAT Rule Ids.
    IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    LocalAzureIpAddressEnabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    LocalNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    Location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    Name string
    The name of the connection. Changing the name forces a new resource to be created.
    PeerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    PrivateLinkFastPathEnabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    ResourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    RoutingWeight int
    The routing weight. Defaults to 10.
    SharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    Tags Dictionary<string, string>
    A mapping of tags to assign to the resource.
    TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    Type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    UsePolicyBasedTrafficSelectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    VirtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    AuthorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    ConnectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    ConnectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    CustomBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    DpdTimeoutSeconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    EgressNatRuleIds []string
    A list of the egress NAT Rule Ids.
    EnableBgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    ExpressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    ExpressRouteGatewayBypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    IngressNatRuleIds []string
    A list of the ingress NAT Rule Ids.
    IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicyArgs
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    LocalAzureIpAddressEnabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    LocalNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    Location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    Name string
    The name of the connection. Changing the name forces a new resource to be created.
    PeerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    PrivateLinkFastPathEnabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    ResourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    RoutingWeight int
    The routing weight. Defaults to 10.
    SharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    Tags map[string]string
    A mapping of tags to assign to the resource.
    TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    Type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    UsePolicyBasedTrafficSelectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    VirtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey String
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode String
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol String

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds Integer
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds List<String>
    A list of the egress NAT Rule Ids.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId String
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass Boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds List<String>
    A list of the ingress NAT Rule Ids.
    ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled Boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId String
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location String
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name String
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId String
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled Boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    routingWeight Integer
    The routing weight. Defaults to 10.
    sharedKey String
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Map<String,String>
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    type String
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    usePolicyBasedTrafficSelectors Boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    virtualNetworkGatewayId String
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey string
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode string
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol string

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses VirtualNetworkGatewayConnectionCustomBgpAddresses
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds number
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds string[]
    A list of the egress NAT Rule Ids.
    enableBgp boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId string
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds string[]
    A list of the ingress NAT Rule Ids.
    ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId string
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location string
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name string
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId string
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    resourceGroupName string
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    routingWeight number
    The routing weight. Defaults to 10.
    sharedKey string
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags {[key: string]: string}
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    type string
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    usePolicyBasedTrafficSelectors boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    virtualNetworkGatewayId string
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorization_key str
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connection_mode str
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connection_protocol str

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    custom_bgp_addresses VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpd_timeout_seconds int
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egress_nat_rule_ids Sequence[str]
    A list of the egress NAT Rule Ids.
    enable_bgp bool
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    express_route_circuit_id str
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    express_route_gateway_bypass bool
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingress_nat_rule_ids Sequence[str]
    A list of the ingress NAT Rule Ids.
    ipsec_policy VirtualNetworkGatewayConnectionIpsecPolicyArgs
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    local_azure_ip_address_enabled bool
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    local_network_gateway_id str
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location str
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name str
    The name of the connection. Changing the name forces a new resource to be created.
    peer_virtual_network_gateway_id str
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    private_link_fast_path_enabled bool
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    resource_group_name str
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    routing_weight int
    The routing weight. Defaults to 10.
    shared_key str
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Mapping[str, str]
    A mapping of tags to assign to the resource.
    traffic_selector_policy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    type str
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    use_policy_based_traffic_selectors bool
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    virtual_network_gateway_id str
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
    authorizationKey String
    The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
    connectionMode String
    Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
    connectionProtocol String

    The IKE protocol version to use. Possible values are IKEv1 and IKEv2, values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created.

    Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.

    customBgpAddresses Property Map
    A custom_bgp_addresses block which is documented below. The block can only be used on IPSec / activeactive connections, For details about see the relevant section in the Azure documentation.
    dpdTimeoutSeconds Number
    The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
    egressNatRuleIds List<String>
    A list of the egress NAT Rule Ids.
    enableBgp Boolean
    If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
    expressRouteCircuitId String
    The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created.
    expressRouteGatewayBypass Boolean
    If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
    ingressNatRuleIds List<String>
    A list of the ingress NAT Rule Ids.
    ipsecPolicy Property Map
    A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
    localAzureIpAddressEnabled Boolean
    Use private local Azure IP for the connection. Changing this forces a new resource to be created.
    localNetworkGatewayId String
    The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
    location String
    The location/region where the connection is located. Changing this forces a new resource to be created.
    name String
    The name of the connection. Changing the name forces a new resource to be created.
    peerVirtualNetworkGatewayId String
    The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created.
    privateLinkFastPathEnabled Boolean
    Bypass the Express Route gateway when accessing private-links. When enabled express_route_gateway_bypass must be set to true. Defaults to false.
    resourceGroupName String
    The name of the resource group in which to create the connection Changing this forces a new resource to be created.
    routingWeight Number
    The routing weight. Defaults to 10.
    sharedKey String
    The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
    tags Map<String>
    A mapping of tags to assign to the resource.
    trafficSelectorPolicy Property Map
    One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
    type String
    The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created.
    usePolicyBasedTrafficSelectors Boolean
    If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
    virtualNetworkGatewayId String
    The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.

    Supporting Types

    VirtualNetworkGatewayConnectionCustomBgpAddresses, VirtualNetworkGatewayConnectionCustomBgpAddressesArgs

    Primary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    Secondary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)
    Primary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    Secondary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)
    primary String
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    secondary String
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)
    primary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    secondary string
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)
    primary str
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    secondary str
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)
    primary String
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (first one)
    secondary String
    single IP address that is part of the azure.network.VirtualNetworkGateway ip_configuration (second one)

    VirtualNetworkGatewayConnectionIpsecPolicy, VirtualNetworkGatewayConnectionIpsecPolicyArgs

    DhGroup string
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    IkeEncryption string
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    IkeIntegrity string
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    IpsecEncryption string
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    IpsecIntegrity string
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    PfsGroup string
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    SaDatasize int
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    SaLifetime int
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
    DhGroup string
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    IkeEncryption string
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    IkeIntegrity string
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    IpsecEncryption string
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    IpsecIntegrity string
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    PfsGroup string
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    SaDatasize int
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    SaLifetime int
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
    dhGroup String
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    ikeEncryption String
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    ikeIntegrity String
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    ipsecEncryption String
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    ipsecIntegrity String
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    pfsGroup String
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    saDatasize Integer
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    saLifetime Integer
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
    dhGroup string
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    ikeEncryption string
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    ikeIntegrity string
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    ipsecEncryption string
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    ipsecIntegrity string
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    pfsGroup string
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    saDatasize number
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    saLifetime number
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
    dh_group str
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    ike_encryption str
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    ike_integrity str
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    ipsec_encryption str
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    ipsec_integrity str
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    pfs_group str
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    sa_datasize int
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    sa_lifetime int
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
    dhGroup String
    The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
    ikeEncryption String
    The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
    ikeIntegrity String
    The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
    ipsecEncryption String
    The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
    ipsecIntegrity String
    The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
    pfsGroup String
    The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
    saDatasize Number
    The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
    saLifetime Number
    The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

    VirtualNetworkGatewayConnectionTrafficSelectorPolicy, VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs

    LocalAddressCidrs List<string>
    List of local CIDRs.
    RemoteAddressCidrs List<string>
    List of remote CIDRs.
    LocalAddressCidrs []string
    List of local CIDRs.
    RemoteAddressCidrs []string
    List of remote CIDRs.
    localAddressCidrs List<String>
    List of local CIDRs.
    remoteAddressCidrs List<String>
    List of remote CIDRs.
    localAddressCidrs string[]
    List of local CIDRs.
    remoteAddressCidrs string[]
    List of remote CIDRs.
    local_address_cidrs Sequence[str]
    List of local CIDRs.
    remote_address_cidrs Sequence[str]
    List of remote CIDRs.
    localAddressCidrs List<String>
    List of local CIDRs.
    remoteAddressCidrs List<String>
    List of remote CIDRs.

    Import

    Virtual Network Gateway Connections can be imported using their resource id, e.g.

    $ pulumi import azure:network/virtualNetworkGatewayConnection:VirtualNetworkGatewayConnection exampleConnection /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/connections/myConnection1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure v6.10.0 published on Tuesday, Nov 19, 2024 by Pulumi