We recommend using Azure Native.
azure.network.VirtualNetworkGatewayConnection
Manages a connection in an existing Virtual Network Gateway.
Example Usage
Site-to-Site connection
The following example shows a connection between an Azure virtual network and an on-premises VPN device and network.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
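// Site-to-site VPN between an Azure virtual network and an on-premises network.
//
// The IPsec pre-shared key is read from stack configuration as a secret instead
// of being written into the program, so it is not committed with the source and
// Pulumi handles it as a secret value. Set it once per stack with
//   pulumi config set --secret vpnSharedKey
// and enter the value at the prompt so it stays out of shell history.
const config = new pulumi.Config();
const sharedKey = config.requireSecret("vpnSharedKey");

const example = new azure.core.ResourceGroup("example", {
    name: "test",
    location: "West US",
});

const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "test",
    location: example.location,
    resourceGroupName: example.name,
    addressSpaces: ["10.0.0.0/16"],
});

// Subnet that hosts the VPN gateway.
const exampleSubnet = new azure.network.Subnet("example", {
    name: "GatewaySubnet",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});

// The on-premises side: the VPN device's address and the address space behind it.
const onpremise = new azure.network.LocalNetworkGateway("onpremise", {
    name: "onpremise",
    location: example.location,
    resourceGroupName: example.name,
    gatewayAddress: "168.62.225.23",
    addressSpaces: ["10.1.1.0/24"],
});

const examplePublicIp = new azure.network.PublicIp("example", {
    name: "test",
    location: example.location,
    resourceGroupName: example.name,
    allocationMethod: "Dynamic",
});

const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("example", {
    name: "test",
    location: example.location,
    resourceGroupName: example.name,
    type: "Vpn",
    vpnType: "RouteBased",
    activeActive: false,
    enableBgp: false,
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: examplePublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: exampleSubnet.id,
    }],
});

// IPsec connection from the Azure gateway to the on-premises gateway.
const onpremiseVirtualNetworkGatewayConnection = new azure.network.VirtualNetworkGatewayConnection("onpremise", {
    name: "onpremise",
    location: example.location,
    resourceGroupName: example.name,
    type: "IPsec",
    virtualNetworkGatewayId: exampleVirtualNetworkGateway.id,
    localNetworkGatewayId: onpremise.id,
    sharedKey: sharedKey,
});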
import pulumi
import pulumi_azure as azure
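# Site-to-site VPN between an Azure virtual network and an on-premises network.
#
# The IPsec pre-shared key is read from stack configuration as a secret instead
# of being written into the program, so it is not committed with the source and
# Pulumi handles it as a secret value. Set it once per stack with
#   pulumi config set --secret vpnSharedKey
# and enter the value at the prompt so it stays out of shell history.
config = pulumi.Config()
shared_key = config.require_secret("vpnSharedKey")

example = azure.core.ResourceGroup("example",
    name="test",
    location="West US")

example_virtual_network = azure.network.VirtualNetwork("example",
    name="test",
    location=example.location,
    resource_group_name=example.name,
    address_spaces=["10.0.0.0/16"])

# Subnet that hosts the VPN gateway.
example_subnet = azure.network.Subnet("example",
    name="GatewaySubnet",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])

# The on-premises side: the VPN device's address and the address space behind it.
onpremise = azure.network.LocalNetworkGateway("onpremise",
    name="onpremise",
    location=example.location,
    resource_group_name=example.name,
    gateway_address="168.62.225.23",
    address_spaces=["10.1.1.0/24"])

example_public_ip = azure.network.PublicIp("example",
    name="test",
    location=example.location,
    resource_group_name=example.name,
    allocation_method="Dynamic")

example_virtual_network_gateway = azure.network.VirtualNetworkGateway("example",
    name="test",
    location=example.location,
    resource_group_name=example.name,
    type="Vpn",
    vpn_type="RouteBased",
    active_active=False,
    enable_bgp=False,
    sku="Basic",
    ip_configurations=[{
        "public_ip_address_id": example_public_ip.id,
        "private_ip_address_allocation": "Dynamic",
        "subnet_id": example_subnet.id,
    }])

# IPsec connection from the Azure gateway to the on-premises gateway.
onpremise_virtual_network_gateway_connection = azure.network.VirtualNetworkGatewayConnection("onpremise",
    name="onpremise",
    location=example.location,
    resource_group_name=example.name,
    type="IPsec",
    virtual_network_gateway_id=example_virtual_network_gateway.id,
    local_network_gateway_id=onpremise.id,
    shared_key=shared_key)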
package main
import (
	"fmt"

	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
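// main declares a site-to-site VPN: a resource group, a virtual network with
// its gateway subnet, a local network gateway describing the on-premises side,
// a public IP, a route-based VPN gateway, and the IPsec connection that joins
// the two gateways.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The IPsec pre-shared key comes from stack configuration rather than
		// a literal in source. Set it once per stack with
		//   pulumi config set --secret vpnSharedKey
		// and enter the value at the prompt so it stays out of shell history.
		rawKey, ok := ctx.GetConfig(ctx.Project() + ":vpnSharedKey")
		if !ok {
			return fmt.Errorf("missing required configuration value %q", "vpnSharedKey")
		}
		// Wrap the value as a secret so Pulumi treats it as sensitive.
		sharedKey := pulumi.ToSecret(pulumi.String(rawKey)).(pulumi.StringOutput)

		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("test"),
			Location: pulumi.String("West US"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name:              pulumi.String("test"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		// Subnet that hosts the VPN gateway.
		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
			Name:               pulumi.String("GatewaySubnet"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		// The on-premises side: the VPN device's address and the address space behind it.
		onpremise, err := network.NewLocalNetworkGateway(ctx, "onpremise", &network.LocalNetworkGatewayArgs{
			Name:              pulumi.String("onpremise"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			GatewayAddress:    pulumi.String("168.62.225.23"),
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.1.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
			Name:              pulumi.String("test"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "example", &network.VirtualNetworkGatewayArgs{
			Name:              pulumi.String("test"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			ActiveActive:      pulumi.Bool(false),
			EnableBgp:         pulumi.Bool(false),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          examplePublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   exampleSubnet.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		// IPsec connection from the Azure gateway to the on-premises gateway.
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "onpremise", &network.VirtualNetworkGatewayConnectionArgs{
			Name:                    pulumi.String("onpremise"),
			Location:                example.Location,
			ResourceGroupName:       example.Name,
			Type:                    pulumi.String("IPsec"),
			VirtualNetworkGatewayId: exampleVirtualNetworkGateway.ID(),
			LocalNetworkGatewayId:   onpremise.ID(),
			SharedKey:               sharedKey,
		})
		if err != nil {
			return err
		}
		return nil
	})
}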
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
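// Site-to-site VPN between an Azure virtual network and an on-premises network.
return await Deployment.RunAsync(() =>
{
    // The IPsec pre-shared key is read from stack configuration as a secret
    // instead of being written into the program. Set it once per stack with
    //   pulumi config set --secret vpnSharedKey
    // and enter the value at the prompt so it stays out of shell history.
    var config = new Config();
    var sharedKey = config.RequireSecret("vpnSharedKey");

    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "test",
        Location = "West US",
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "test",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
    });

    // Subnet that hosts the VPN gateway.
    var exampleSubnet = new Azure.Network.Subnet("example", new()
    {
        Name = "GatewaySubnet",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
    });

    // The on-premises side: the VPN device's address and the address space behind it.
    var onpremise = new Azure.Network.LocalNetworkGateway("onpremise", new()
    {
        Name = "onpremise",
        Location = example.Location,
        ResourceGroupName = example.Name,
        GatewayAddress = "168.62.225.23",
        AddressSpaces = new[]
        {
            "10.1.1.0/24",
        },
    });

    var examplePublicIp = new Azure.Network.PublicIp("example", new()
    {
        Name = "test",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AllocationMethod = "Dynamic",
    });

    var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("example", new()
    {
        Name = "test",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Type = "Vpn",
        VpnType = "RouteBased",
        ActiveActive = false,
        EnableBgp = false,
        Sku = "Basic",
        IpConfigurations = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
            {
                PublicIpAddressId = examplePublicIp.Id,
                PrivateIpAddressAllocation = "Dynamic",
                SubnetId = exampleSubnet.Id,
            },
        },
    });

    // IPsec connection from the Azure gateway to the on-premises gateway.
    var onpremiseVirtualNetworkGatewayConnection = new Azure.Network.VirtualNetworkGatewayConnection("onpremise", new()
    {
        Name = "onpremise",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Type = "IPsec",
        VirtualNetworkGatewayId = exampleVirtualNetworkGateway.Id,
        LocalNetworkGatewayId = onpremise.Id,
        SharedKey = sharedKey,
    });
});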
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.LocalNetworkGateway;
import com.pulumi.azure.network.LocalNetworkGatewayArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetworkGateway;
import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
import com.pulumi.azure.network.VirtualNetworkGatewayConnection;
import com.pulumi.azure.network.VirtualNetworkGatewayConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
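/**
 * Site-to-site VPN between an Azure virtual network and an on-premises network.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group, virtual network, gateway subnet, local network
     * gateway, public IP, VPN gateway and the IPsec connection between the gateways.
     *
     * @param ctx the Pulumi context, also used to read stack configuration
     */
    public static void stack(Context ctx) {
        // The IPsec pre-shared key is read from stack configuration as a secret
        // instead of being written into the program. Set it once per stack with
        //   pulumi config set --secret vpnSharedKey
        // and enter the value at the prompt so it stays out of shell history.
        final var sharedKey = ctx.config().requireSecret("vpnSharedKey");

        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("test")
            .location("West US")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("test")
            .location(example.location())
            .resourceGroupName(example.name())
            .addressSpaces("10.0.0.0/16")
            .build());

        // Subnet that hosts the VPN gateway.
        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .name("GatewaySubnet")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        // The on-premises side: the VPN device's address and the address space behind it.
        var onpremise = new LocalNetworkGateway("onpremise", LocalNetworkGatewayArgs.builder()
            .name("onpremise")
            .location(example.location())
            .resourceGroupName(example.name())
            .gatewayAddress("168.62.225.23")
            .addressSpaces("10.1.1.0/24")
            .build());

        var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
            .name("test")
            .location(example.location())
            .resourceGroupName(example.name())
            .allocationMethod("Dynamic")
            .build());

        var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
            .name("test")
            .location(example.location())
            .resourceGroupName(example.name())
            .type("Vpn")
            .vpnType("RouteBased")
            .activeActive(false)
            .enableBgp(false)
            .sku("Basic")
            .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                .publicIpAddressId(examplePublicIp.id())
                .privateIpAddressAllocation("Dynamic")
                .subnetId(exampleSubnet.id())
                .build())
            .build());

        // IPsec connection from the Azure gateway to the on-premises gateway.
        var onpremiseVirtualNetworkGatewayConnection = new VirtualNetworkGatewayConnection("onpremiseVirtualNetworkGatewayConnection", VirtualNetworkGatewayConnectionArgs.builder()
            .name("onpremise")
            .location(example.location())
            .resourceGroupName(example.name())
            .type("IPsec")
            .virtualNetworkGatewayId(exampleVirtualNetworkGateway.id())
            .localNetworkGatewayId(onpremise.id())
            .sharedKey(sharedKey)
            .build());
    }
}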
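# Site-to-site VPN between an Azure virtual network and an on-premises network.
#
# The IPsec pre-shared key is declared as a secret configuration value instead
# of being written into the template. Set it once per stack with
#   pulumi config set --secret vpnSharedKey
# and enter the value at the prompt so it stays out of shell history.
config:
  vpnSharedKey:
    type: string
    secret: true
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: test
      location: West US
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: test
      location: ${example.location}
      resourceGroupName: ${example.name}
      addressSpaces:
        - 10.0.0.0/16
  # Subnet that hosts the VPN gateway.
  exampleSubnet:
    type: azure:network:Subnet
    name: example
    properties:
      name: GatewaySubnet
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
  # The on-premises side: the VPN device's address and the address space behind it.
  onpremise:
    type: azure:network:LocalNetworkGateway
    properties:
      name: onpremise
      location: ${example.location}
      resourceGroupName: ${example.name}
      gatewayAddress: 168.62.225.23
      addressSpaces:
        - 10.1.1.0/24
  examplePublicIp:
    type: azure:network:PublicIp
    name: example
    properties:
      name: test
      location: ${example.location}
      resourceGroupName: ${example.name}
      allocationMethod: Dynamic
  exampleVirtualNetworkGateway:
    type: azure:network:VirtualNetworkGateway
    name: example
    properties:
      name: test
      location: ${example.location}
      resourceGroupName: ${example.name}
      type: Vpn
      vpnType: RouteBased
      activeActive: false
      enableBgp: false
      sku: Basic
      ipConfigurations:
        - publicIpAddressId: ${examplePublicIp.id}
          privateIpAddressAllocation: Dynamic
          subnetId: ${exampleSubnet.id}
  # IPsec connection from the Azure gateway to the on-premises gateway.
  onpremiseVirtualNetworkGatewayConnection:
    type: azure:network:VirtualNetworkGatewayConnection
    name: onpremise
    properties:
      name: onpremise
      location: ${example.location}
      resourceGroupName: ${example.name}
      type: IPsec
      virtualNetworkGatewayId: ${exampleVirtualNetworkGateway.id}
      localNetworkGatewayId: ${onpremise.id}
      sharedKey: ${vpnSharedKey}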
VNet-to-VNet connection
The following example shows a connection between two Azure virtual networks in different locations/regions.
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
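// VNet-to-VNet VPN between a virtual network in East US and one in West Europe.
//
// The pre-shared key is read from stack configuration as a secret instead of
// being written into the program, so it is not committed with the source and
// Pulumi handles it as a secret value. Set it once per stack with
//   pulumi config set --secret vpnSharedKey
// and enter the value at the prompt so it stays out of shell history.
const config = new pulumi.Config();
const sharedKey = config.requireSecret("vpnSharedKey");

// --- US side ---
const us = new azure.core.ResourceGroup("us", {
    name: "us",
    location: "East US",
});

const usVirtualNetwork = new azure.network.VirtualNetwork("us", {
    name: "us",
    location: us.location,
    resourceGroupName: us.name,
    addressSpaces: ["10.0.0.0/16"],
});

const usGateway = new azure.network.Subnet("us_gateway", {
    name: "GatewaySubnet",
    resourceGroupName: us.name,
    virtualNetworkName: usVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});

const usPublicIp = new azure.network.PublicIp("us", {
    name: "us",
    location: us.location,
    resourceGroupName: us.name,
    allocationMethod: "Dynamic",
});

const usVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("us", {
    name: "us-gateway",
    location: us.location,
    resourceGroupName: us.name,
    type: "Vpn",
    vpnType: "RouteBased",
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: usPublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: usGateway.id,
    }],
});

// --- Europe side ---
const europe = new azure.core.ResourceGroup("europe", {
    name: "europe",
    location: "West Europe",
});

const europeVirtualNetwork = new azure.network.VirtualNetwork("europe", {
    name: "europe",
    location: europe.location,
    resourceGroupName: europe.name,
    addressSpaces: ["10.1.0.0/16"],
});

const europeGateway = new azure.network.Subnet("europe_gateway", {
    name: "GatewaySubnet",
    resourceGroupName: europe.name,
    virtualNetworkName: europeVirtualNetwork.name,
    addressPrefixes: ["10.1.1.0/24"],
});

const europePublicIp = new azure.network.PublicIp("europe", {
    name: "europe",
    location: europe.location,
    resourceGroupName: europe.name,
    allocationMethod: "Dynamic",
});

const europeVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("europe", {
    name: "europe-gateway",
    location: europe.location,
    resourceGroupName: europe.name,
    type: "Vpn",
    vpnType: "RouteBased",
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: europePublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: europeGateway.id,
    }],
});

// One connection per direction; both use the same pre-shared key.
const usToEurope = new azure.network.VirtualNetworkGatewayConnection("us_to_europe", {
    name: "us-to-europe",
    location: us.location,
    resourceGroupName: us.name,
    type: "Vnet2Vnet",
    virtualNetworkGatewayId: usVirtualNetworkGateway.id,
    peerVirtualNetworkGatewayId: europeVirtualNetworkGateway.id,
    sharedKey: sharedKey,
});

const europeToUs = new azure.network.VirtualNetworkGatewayConnection("europe_to_us", {
    name: "europe-to-us",
    location: europe.location,
    resourceGroupName: europe.name,
    type: "Vnet2Vnet",
    virtualNetworkGatewayId: europeVirtualNetworkGateway.id,
    peerVirtualNetworkGatewayId: usVirtualNetworkGateway.id,
    sharedKey: sharedKey,
});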
import pulumi
import pulumi_azure as azure
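# VNet-to-VNet VPN between a virtual network in East US and one in West Europe.
#
# The pre-shared key is read from stack configuration as a secret instead of
# being written into the program, so it is not committed with the source and
# Pulumi handles it as a secret value. Set it once per stack with
#   pulumi config set --secret vpnSharedKey
# and enter the value at the prompt so it stays out of shell history.
config = pulumi.Config()
shared_key = config.require_secret("vpnSharedKey")

# --- US side ---
us = azure.core.ResourceGroup("us",
    name="us",
    location="East US")

us_virtual_network = azure.network.VirtualNetwork("us",
    name="us",
    location=us.location,
    resource_group_name=us.name,
    address_spaces=["10.0.0.0/16"])

us_gateway = azure.network.Subnet("us_gateway",
    name="GatewaySubnet",
    resource_group_name=us.name,
    virtual_network_name=us_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])

us_public_ip = azure.network.PublicIp("us",
    name="us",
    location=us.location,
    resource_group_name=us.name,
    allocation_method="Dynamic")

us_virtual_network_gateway = azure.network.VirtualNetworkGateway("us",
    name="us-gateway",
    location=us.location,
    resource_group_name=us.name,
    type="Vpn",
    vpn_type="RouteBased",
    sku="Basic",
    ip_configurations=[{
        "public_ip_address_id": us_public_ip.id,
        "private_ip_address_allocation": "Dynamic",
        "subnet_id": us_gateway.id,
    }])

# --- Europe side ---
europe = azure.core.ResourceGroup("europe",
    name="europe",
    location="West Europe")

europe_virtual_network = azure.network.VirtualNetwork("europe",
    name="europe",
    location=europe.location,
    resource_group_name=europe.name,
    address_spaces=["10.1.0.0/16"])

europe_gateway = azure.network.Subnet("europe_gateway",
    name="GatewaySubnet",
    resource_group_name=europe.name,
    virtual_network_name=europe_virtual_network.name,
    address_prefixes=["10.1.1.0/24"])

europe_public_ip = azure.network.PublicIp("europe",
    name="europe",
    location=europe.location,
    resource_group_name=europe.name,
    allocation_method="Dynamic")

europe_virtual_network_gateway = azure.network.VirtualNetworkGateway("europe",
    name="europe-gateway",
    location=europe.location,
    resource_group_name=europe.name,
    type="Vpn",
    vpn_type="RouteBased",
    sku="Basic",
    ip_configurations=[{
        "public_ip_address_id": europe_public_ip.id,
        "private_ip_address_allocation": "Dynamic",
        "subnet_id": europe_gateway.id,
    }])

# One connection per direction; both use the same pre-shared key.
us_to_europe = azure.network.VirtualNetworkGatewayConnection("us_to_europe",
    name="us-to-europe",
    location=us.location,
    resource_group_name=us.name,
    type="Vnet2Vnet",
    virtual_network_gateway_id=us_virtual_network_gateway.id,
    peer_virtual_network_gateway_id=europe_virtual_network_gateway.id,
    shared_key=shared_key)

europe_to_us = azure.network.VirtualNetworkGatewayConnection("europe_to_us",
    name="europe-to-us",
    location=europe.location,
    resource_group_name=europe.name,
    type="Vnet2Vnet",
    virtual_network_gateway_id=europe_virtual_network_gateway.id,
    peer_virtual_network_gateway_id=us_virtual_network_gateway.id,
    shared_key=shared_key)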
package main
import (
	"fmt"

	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
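// main declares a VNet-to-VNet VPN: for each of the "us" and "europe" sides a
// resource group, virtual network, gateway subnet, public IP and route-based
// VPN gateway, followed by one Vnet2Vnet connection in each direction.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The pre-shared key comes from stack configuration rather than a
		// literal in source. Set it once per stack with
		//   pulumi config set --secret vpnSharedKey
		// and enter the value at the prompt so it stays out of shell history.
		rawKey, ok := ctx.GetConfig(ctx.Project() + ":vpnSharedKey")
		if !ok {
			return fmt.Errorf("missing required configuration value %q", "vpnSharedKey")
		}
		// Wrap the value as a secret so Pulumi treats it as sensitive.
		sharedKey := pulumi.ToSecret(pulumi.String(rawKey)).(pulumi.StringOutput)

		// --- US side ---
		us, err := core.NewResourceGroup(ctx, "us", &core.ResourceGroupArgs{
			Name:     pulumi.String("us"),
			Location: pulumi.String("East US"),
		})
		if err != nil {
			return err
		}
		usVirtualNetwork, err := network.NewVirtualNetwork(ctx, "us", &network.VirtualNetworkArgs{
			Name:              pulumi.String("us"),
			Location:          us.Location,
			ResourceGroupName: us.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		usGateway, err := network.NewSubnet(ctx, "us_gateway", &network.SubnetArgs{
			Name:               pulumi.String("GatewaySubnet"),
			ResourceGroupName:  us.Name,
			VirtualNetworkName: usVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		usPublicIp, err := network.NewPublicIp(ctx, "us", &network.PublicIpArgs{
			Name:              pulumi.String("us"),
			Location:          us.Location,
			ResourceGroupName: us.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		usVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "us", &network.VirtualNetworkGatewayArgs{
			Name:              pulumi.String("us-gateway"),
			Location:          us.Location,
			ResourceGroupName: us.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          usPublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   usGateway.ID(),
				},
			},
		})
		if err != nil {
			return err
		}

		// --- Europe side ---
		europe, err := core.NewResourceGroup(ctx, "europe", &core.ResourceGroupArgs{
			Name:     pulumi.String("europe"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		europeVirtualNetwork, err := network.NewVirtualNetwork(ctx, "europe", &network.VirtualNetworkArgs{
			Name:              pulumi.String("europe"),
			Location:          europe.Location,
			ResourceGroupName: europe.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.1.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		europeGateway, err := network.NewSubnet(ctx, "europe_gateway", &network.SubnetArgs{
			Name:               pulumi.String("GatewaySubnet"),
			ResourceGroupName:  europe.Name,
			VirtualNetworkName: europeVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.1.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		europePublicIp, err := network.NewPublicIp(ctx, "europe", &network.PublicIpArgs{
			Name:              pulumi.String("europe"),
			Location:          europe.Location,
			ResourceGroupName: europe.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		europeVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "europe", &network.VirtualNetworkGatewayArgs{
			Name:              pulumi.String("europe-gateway"),
			Location:          europe.Location,
			ResourceGroupName: europe.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          europePublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   europeGateway.ID(),
				},
			},
		})
		if err != nil {
			return err
		}

		// One connection per direction; both use the same pre-shared key.
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "us_to_europe", &network.VirtualNetworkGatewayConnectionArgs{
			Name:                        pulumi.String("us-to-europe"),
			Location:                    us.Location,
			ResourceGroupName:           us.Name,
			Type:                        pulumi.String("Vnet2Vnet"),
			VirtualNetworkGatewayId:     usVirtualNetworkGateway.ID(),
			PeerVirtualNetworkGatewayId: europeVirtualNetworkGateway.ID(),
			SharedKey:                   sharedKey,
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "europe_to_us", &network.VirtualNetworkGatewayConnectionArgs{
			Name:                        pulumi.String("europe-to-us"),
			Location:                    europe.Location,
			ResourceGroupName:           europe.Name,
			Type:                        pulumi.String("Vnet2Vnet"),
			VirtualNetworkGatewayId:     europeVirtualNetworkGateway.ID(),
			PeerVirtualNetworkGatewayId: usVirtualNetworkGateway.ID(),
			SharedKey:                   sharedKey,
		})
		if err != nil {
			return err
		}
		return nil
	})
}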
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
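// VNet-to-VNet VPN between a virtual network in East US and one in West Europe.
return await Deployment.RunAsync(() =>
{
    // The pre-shared key is read from stack configuration as a secret instead
    // of being written into the program. Set it once per stack with
    //   pulumi config set --secret vpnSharedKey
    // and enter the value at the prompt so it stays out of shell history.
    var config = new Config();
    var sharedKey = config.RequireSecret("vpnSharedKey");

    // --- US side ---
    var us = new Azure.Core.ResourceGroup("us", new()
    {
        Name = "us",
        Location = "East US",
    });

    var usVirtualNetwork = new Azure.Network.VirtualNetwork("us", new()
    {
        Name = "us",
        Location = us.Location,
        ResourceGroupName = us.Name,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
    });

    var usGateway = new Azure.Network.Subnet("us_gateway", new()
    {
        Name = "GatewaySubnet",
        ResourceGroupName = us.Name,
        VirtualNetworkName = usVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
    });

    var usPublicIp = new Azure.Network.PublicIp("us", new()
    {
        Name = "us",
        Location = us.Location,
        ResourceGroupName = us.Name,
        AllocationMethod = "Dynamic",
    });

    var usVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("us", new()
    {
        Name = "us-gateway",
        Location = us.Location,
        ResourceGroupName = us.Name,
        Type = "Vpn",
        VpnType = "RouteBased",
        Sku = "Basic",
        IpConfigurations = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
            {
                PublicIpAddressId = usPublicIp.Id,
                PrivateIpAddressAllocation = "Dynamic",
                SubnetId = usGateway.Id,
            },
        },
    });

    // --- Europe side ---
    var europe = new Azure.Core.ResourceGroup("europe", new()
    {
        Name = "europe",
        Location = "West Europe",
    });

    var europeVirtualNetwork = new Azure.Network.VirtualNetwork("europe", new()
    {
        Name = "europe",
        Location = europe.Location,
        ResourceGroupName = europe.Name,
        AddressSpaces = new[]
        {
            "10.1.0.0/16",
        },
    });

    var europeGateway = new Azure.Network.Subnet("europe_gateway", new()
    {
        Name = "GatewaySubnet",
        ResourceGroupName = europe.Name,
        VirtualNetworkName = europeVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.1.1.0/24",
        },
    });

    var europePublicIp = new Azure.Network.PublicIp("europe", new()
    {
        Name = "europe",
        Location = europe.Location,
        ResourceGroupName = europe.Name,
        AllocationMethod = "Dynamic",
    });

    var europeVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("europe", new()
    {
        Name = "europe-gateway",
        Location = europe.Location,
        ResourceGroupName = europe.Name,
        Type = "Vpn",
        VpnType = "RouteBased",
        Sku = "Basic",
        IpConfigurations = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
            {
                PublicIpAddressId = europePublicIp.Id,
                PrivateIpAddressAllocation = "Dynamic",
                SubnetId = europeGateway.Id,
            },
        },
    });

    // One connection per direction; both use the same pre-shared key.
    var usToEurope = new Azure.Network.VirtualNetworkGatewayConnection("us_to_europe", new()
    {
        Name = "us-to-europe",
        Location = us.Location,
        ResourceGroupName = us.Name,
        Type = "Vnet2Vnet",
        VirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
        PeerVirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
        SharedKey = sharedKey,
    });

    var europeToUs = new Azure.Network.VirtualNetworkGatewayConnection("europe_to_us", new()
    {
        Name = "europe-to-us",
        Location = europe.Location,
        ResourceGroupName = europe.Name,
        Type = "Vnet2Vnet",
        VirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
        PeerVirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
        SharedKey = sharedKey,
    });
});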
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetworkGateway;
import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
import com.pulumi.azure.network.VirtualNetworkGatewayConnection;
import com.pulumi.azure.network.VirtualNetworkGatewayConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
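/**
 * VNet-to-VNet VPN between a virtual network in East US and one in West Europe.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares, for each of the two sides, a resource group, virtual network,
     * gateway subnet, public IP and VPN gateway, then one Vnet2Vnet connection
     * in each direction.
     *
     * @param ctx the Pulumi context, also used to read stack configuration
     */
    public static void stack(Context ctx) {
        // The pre-shared key is read from stack configuration as a secret
        // instead of being written into the program. Set it once per stack with
        //   pulumi config set --secret vpnSharedKey
        // and enter the value at the prompt so it stays out of shell history.
        final var sharedKey = ctx.config().requireSecret("vpnSharedKey");

        // --- US side ---
        var us = new ResourceGroup("us", ResourceGroupArgs.builder()
            .name("us")
            .location("East US")
            .build());

        var usVirtualNetwork = new VirtualNetwork("usVirtualNetwork", VirtualNetworkArgs.builder()
            .name("us")
            .location(us.location())
            .resourceGroupName(us.name())
            .addressSpaces("10.0.0.0/16")
            .build());

        var usGateway = new Subnet("usGateway", SubnetArgs.builder()
            .name("GatewaySubnet")
            .resourceGroupName(us.name())
            .virtualNetworkName(usVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        var usPublicIp = new PublicIp("usPublicIp", PublicIpArgs.builder()
            .name("us")
            .location(us.location())
            .resourceGroupName(us.name())
            .allocationMethod("Dynamic")
            .build());

        var usVirtualNetworkGateway = new VirtualNetworkGateway("usVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
            .name("us-gateway")
            .location(us.location())
            .resourceGroupName(us.name())
            .type("Vpn")
            .vpnType("RouteBased")
            .sku("Basic")
            .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                .publicIpAddressId(usPublicIp.id())
                .privateIpAddressAllocation("Dynamic")
                .subnetId(usGateway.id())
                .build())
            .build());

        // --- Europe side ---
        var europe = new ResourceGroup("europe", ResourceGroupArgs.builder()
            .name("europe")
            .location("West Europe")
            .build());

        var europeVirtualNetwork = new VirtualNetwork("europeVirtualNetwork", VirtualNetworkArgs.builder()
            .name("europe")
            .location(europe.location())
            .resourceGroupName(europe.name())
            .addressSpaces("10.1.0.0/16")
            .build());

        var europeGateway = new Subnet("europeGateway", SubnetArgs.builder()
            .name("GatewaySubnet")
            .resourceGroupName(europe.name())
            .virtualNetworkName(europeVirtualNetwork.name())
            .addressPrefixes("10.1.1.0/24")
            .build());

        var europePublicIp = new PublicIp("europePublicIp", PublicIpArgs.builder()
            .name("europe")
            .location(europe.location())
            .resourceGroupName(europe.name())
            .allocationMethod("Dynamic")
            .build());

        var europeVirtualNetworkGateway = new VirtualNetworkGateway("europeVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
            .name("europe-gateway")
            .location(europe.location())
            .resourceGroupName(europe.name())
            .type("Vpn")
            .vpnType("RouteBased")
            .sku("Basic")
            .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                .publicIpAddressId(europePublicIp.id())
                .privateIpAddressAllocation("Dynamic")
                .subnetId(europeGateway.id())
                .build())
            .build());

        // One connection per direction; both use the same pre-shared key.
        var usToEurope = new VirtualNetworkGatewayConnection("usToEurope", VirtualNetworkGatewayConnectionArgs.builder()
            .name("us-to-europe")
            .location(us.location())
            .resourceGroupName(us.name())
            .type("Vnet2Vnet")
            .virtualNetworkGatewayId(usVirtualNetworkGateway.id())
            .peerVirtualNetworkGatewayId(europeVirtualNetworkGateway.id())
            .sharedKey(sharedKey)
            .build());

        var europeToUs = new VirtualNetworkGatewayConnection("europeToUs", VirtualNetworkGatewayConnectionArgs.builder()
            .name("europe-to-us")
            .location(europe.location())
            .resourceGroupName(europe.name())
            .type("Vnet2Vnet")
            .virtualNetworkGatewayId(europeVirtualNetworkGateway.id())
            .peerVirtualNetworkGatewayId(usVirtualNetworkGateway.id())
            .sharedKey(sharedKey)
            .build());
    }
}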
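# VNet-to-VNet VPN between a virtual network in East US and one in West Europe.
#
# The pre-shared key is declared as a secret configuration value instead of
# being written into the template. Set it once per stack with
#   pulumi config set --secret vpnSharedKey
# and enter the value at the prompt so it stays out of shell history.
config:
  vpnSharedKey:
    type: string
    secret: true
resources:
  # --- US side ---
  us:
    type: azure:core:ResourceGroup
    properties:
      name: us
      location: East US
  usVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: us
    properties:
      name: us
      location: ${us.location}
      resourceGroupName: ${us.name}
      addressSpaces:
        - 10.0.0.0/16
  usGateway:
    type: azure:network:Subnet
    name: us_gateway
    properties:
      name: GatewaySubnet
      resourceGroupName: ${us.name}
      virtualNetworkName: ${usVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
  usPublicIp:
    type: azure:network:PublicIp
    name: us
    properties:
      name: us
      location: ${us.location}
      resourceGroupName: ${us.name}
      allocationMethod: Dynamic
  usVirtualNetworkGateway:
    type: azure:network:VirtualNetworkGateway
    name: us
    properties:
      name: us-gateway
      location: ${us.location}
      resourceGroupName: ${us.name}
      type: Vpn
      vpnType: RouteBased
      sku: Basic
      ipConfigurations:
        - publicIpAddressId: ${usPublicIp.id}
          privateIpAddressAllocation: Dynamic
          subnetId: ${usGateway.id}
  # --- Europe side ---
  europe:
    type: azure:core:ResourceGroup
    properties:
      name: europe
      location: West Europe
  europeVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: europe
    properties:
      name: europe
      location: ${europe.location}
      resourceGroupName: ${europe.name}
      addressSpaces:
        - 10.1.0.0/16
  europeGateway:
    type: azure:network:Subnet
    name: europe_gateway
    properties:
      name: GatewaySubnet
      resourceGroupName: ${europe.name}
      virtualNetworkName: ${europeVirtualNetwork.name}
      addressPrefixes:
        - 10.1.1.0/24
  europePublicIp:
    type: azure:network:PublicIp
    name: europe
    properties:
      name: europe
      location: ${europe.location}
      resourceGroupName: ${europe.name}
      allocationMethod: Dynamic
  europeVirtualNetworkGateway:
    type: azure:network:VirtualNetworkGateway
    name: europe
    properties:
      name: europe-gateway
      location: ${europe.location}
      resourceGroupName: ${europe.name}
      type: Vpn
      vpnType: RouteBased
      sku: Basic
      ipConfigurations:
        - publicIpAddressId: ${europePublicIp.id}
          privateIpAddressAllocation: Dynamic
          subnetId: ${europeGateway.id}
  # One connection per direction; both use the same pre-shared key.
  usToEurope:
    type: azure:network:VirtualNetworkGatewayConnection
    name: us_to_europe
    properties:
      name: us-to-europe
      location: ${us.location}
      resourceGroupName: ${us.name}
      type: Vnet2Vnet
      virtualNetworkGatewayId: ${usVirtualNetworkGateway.id}
      peerVirtualNetworkGatewayId: ${europeVirtualNetworkGateway.id}
      sharedKey: ${vpnSharedKey}
  europeToUs:
    type: azure:network:VirtualNetworkGatewayConnection
    name: europe_to_us
    properties:
      name: europe-to-us
      location: ${europe.location}
      resourceGroupName: ${europe.name}
      type: Vnet2Vnet
      virtualNetworkGatewayId: ${europeVirtualNetworkGateway.id}
      peerVirtualNetworkGatewayId: ${usVirtualNetworkGateway.id}
      sharedKey: ${vpnSharedKey}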
Create VirtualNetworkGatewayConnection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VirtualNetworkGatewayConnection(name: string, args: VirtualNetworkGatewayConnectionArgs, opts?: CustomResourceOptions);
@overload
def VirtualNetworkGatewayConnection(resource_name: str,
args: VirtualNetworkGatewayConnectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def VirtualNetworkGatewayConnection(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
virtual_network_gateway_id: Optional[str] = None,
type: Optional[str] = None,
local_network_gateway_id: Optional[str] = None,
name: Optional[str] = None,
egress_nat_rule_ids: Optional[Sequence[str]] = None,
enable_bgp: Optional[bool] = None,
express_route_circuit_id: Optional[str] = None,
express_route_gateway_bypass: Optional[bool] = None,
ingress_nat_rule_ids: Optional[Sequence[str]] = None,
ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
local_azure_ip_address_enabled: Optional[bool] = None,
authorization_key: Optional[str] = None,
location: Optional[str] = None,
dpd_timeout_seconds: Optional[int] = None,
peer_virtual_network_gateway_id: Optional[str] = None,
private_link_fast_path_enabled: Optional[bool] = None,
custom_bgp_addresses: Optional[VirtualNetworkGatewayConnectionCustomBgpAddressesArgs] = None,
routing_weight: Optional[int] = None,
shared_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
connection_protocol: Optional[str] = None,
use_policy_based_traffic_selectors: Optional[bool] = None,
connection_mode: Optional[str] = None)
func NewVirtualNetworkGatewayConnection(ctx *Context, name string, args VirtualNetworkGatewayConnectionArgs, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)
public VirtualNetworkGatewayConnection(string name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions? opts = null)
public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args)
public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions options)
type: azure:network:VirtualNetworkGatewayConnection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VirtualNetworkGatewayConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VirtualNetworkGatewayConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input property is set to a placeholder value.
// Each connection type requires a different subset of these arguments.
var virtualNetworkGatewayConnectionResource = new Azure.Network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", new()
{
ResourceGroupName = "string",
VirtualNetworkGatewayId = "string",
Type = "string",
LocalNetworkGatewayId = "string",
Name = "string",
EgressNatRuleIds = new[]
{
"string",
},
EnableBgp = false,
ExpressRouteCircuitId = "string",
ExpressRouteGatewayBypass = false,
IngressNatRuleIds = new[]
{
"string",
},
IpsecPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionIpsecPolicyArgs
{
DhGroup = "string",
IkeEncryption = "string",
IkeIntegrity = "string",
IpsecEncryption = "string",
IpsecIntegrity = "string",
PfsGroup = "string",
SaDatasize = 0,
SaLifetime = 0,
},
LocalAzureIpAddressEnabled = false,
// ExpressRoute circuit authorization key: a credential. Supply it from secret
// stack configuration (for example Config.RequireSecret) rather than a literal.
AuthorizationKey = "string",
Location = "string",
DpdTimeoutSeconds = 0,
PeerVirtualNetworkGatewayId = "string",
PrivateLinkFastPathEnabled = false,
CustomBgpAddresses = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
{
Primary = "string",
Secondary = "string",
},
RoutingWeight = 0,
// Shared IPsec key: a literal here ends up in source control, so read it
// from secret stack configuration instead.
SharedKey = "string",
Tags =
{
{ "string", "string" },
},
TrafficSelectorPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
{
LocalAddressCidrs = new[]
{
"string",
},
RemoteAddressCidrs = new[]
{
"string",
},
},
ConnectionProtocol = "string",
UsePolicyBasedTrafficSelectors = false,
ConnectionMode = "string",
});
// Reference example: every input property is set to a placeholder value.
// Each connection type requires a different subset of these arguments.
example, err := network.NewVirtualNetworkGatewayConnection(ctx, "virtualNetworkGatewayConnectionResource", &network.VirtualNetworkGatewayConnectionArgs{
ResourceGroupName: pulumi.String("string"),
VirtualNetworkGatewayId: pulumi.String("string"),
Type: pulumi.String("string"),
LocalNetworkGatewayId: pulumi.String("string"),
Name: pulumi.String("string"),
EgressNatRuleIds: pulumi.StringArray{
pulumi.String("string"),
},
EnableBgp: pulumi.Bool(false),
ExpressRouteCircuitId: pulumi.String("string"),
ExpressRouteGatewayBypass: pulumi.Bool(false),
IngressNatRuleIds: pulumi.StringArray{
pulumi.String("string"),
},
IpsecPolicy: &network.VirtualNetworkGatewayConnectionIpsecPolicyArgs{
DhGroup: pulumi.String("string"),
IkeEncryption: pulumi.String("string"),
IkeIntegrity: pulumi.String("string"),
IpsecEncryption: pulumi.String("string"),
IpsecIntegrity: pulumi.String("string"),
PfsGroup: pulumi.String("string"),
SaDatasize: pulumi.Int(0),
SaLifetime: pulumi.Int(0),
},
LocalAzureIpAddressEnabled: pulumi.Bool(false),
// ExpressRoute circuit authorization key: a credential. Supply it as a secret
// (for example from config.RequireSecret) rather than a string literal.
AuthorizationKey: pulumi.String("string"),
Location: pulumi.String("string"),
DpdTimeoutSeconds: pulumi.Int(0),
PeerVirtualNetworkGatewayId: pulumi.String("string"),
PrivateLinkFastPathEnabled: pulumi.Bool(false),
CustomBgpAddresses: &network.VirtualNetworkGatewayConnectionCustomBgpAddressesArgs{
Primary: pulumi.String("string"),
Secondary: pulumi.String("string"),
},
RoutingWeight: pulumi.Int(0),
// Shared IPsec key: a literal here ends up in source control, so read it
// from secret stack configuration instead.
SharedKey: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TrafficSelectorPolicy: &network.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs{
LocalAddressCidrs: pulumi.StringArray{
pulumi.String("string"),
},
RemoteAddressCidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
ConnectionProtocol: pulumi.String("string"),
UsePolicyBasedTrafficSelectors: pulumi.Bool(false),
ConnectionMode: pulumi.String("string"),
})
// Reference example: every input property is set to a placeholder value.
// Each connection type requires a different subset of these arguments.
var virtualNetworkGatewayConnectionResource = new VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", VirtualNetworkGatewayConnectionArgs.builder()
.resourceGroupName("string")
.virtualNetworkGatewayId("string")
.type("string")
.localNetworkGatewayId("string")
.name("string")
.egressNatRuleIds("string")
.enableBgp(false)
.expressRouteCircuitId("string")
.expressRouteGatewayBypass(false)
.ingressNatRuleIds("string")
.ipsecPolicy(VirtualNetworkGatewayConnectionIpsecPolicyArgs.builder()
.dhGroup("string")
.ikeEncryption("string")
.ikeIntegrity("string")
.ipsecEncryption("string")
.ipsecIntegrity("string")
.pfsGroup("string")
.saDatasize(0)
.saLifetime(0)
.build())
.localAzureIpAddressEnabled(false)
// ExpressRoute circuit authorization key: a credential. Supply it from secret
// stack configuration rather than a string literal.
.authorizationKey("string")
.location("string")
.dpdTimeoutSeconds(0)
.peerVirtualNetworkGatewayId("string")
.privateLinkFastPathEnabled(false)
.customBgpAddresses(VirtualNetworkGatewayConnectionCustomBgpAddressesArgs.builder()
.primary("string")
.secondary("string")
.build())
.routingWeight(0)
// Shared IPsec key: a literal here ends up in source control, so read it
// from secret stack configuration instead.
.sharedKey("string")
.tags(Map.of("string", "string"))
.trafficSelectorPolicy(VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs.builder()
.localAddressCidrs("string")
.remoteAddressCidrs("string")
.build())
.connectionProtocol("string")
.usePolicyBasedTrafficSelectors(false)
.connectionMode("string")
.build());
# Reference example: every input property is set to a placeholder value.
# Each connection type requires a different subset of these arguments.
virtual_network_gateway_connection_resource = azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource",
resource_group_name="string",
virtual_network_gateway_id="string",
type="string",
local_network_gateway_id="string",
name="string",
egress_nat_rule_ids=["string"],
enable_bgp=False,
express_route_circuit_id="string",
express_route_gateway_bypass=False,
ingress_nat_rule_ids=["string"],
ipsec_policy={
"dh_group": "string",
"ike_encryption": "string",
"ike_integrity": "string",
"ipsec_encryption": "string",
"ipsec_integrity": "string",
"pfs_group": "string",
"sa_datasize": 0,
"sa_lifetime": 0,
},
local_azure_ip_address_enabled=False,
# ExpressRoute circuit authorization key: a credential. Supply it as a secret
# (for example pulumi.Config().require_secret(...)) rather than a string literal.
authorization_key="string",
location="string",
dpd_timeout_seconds=0,
peer_virtual_network_gateway_id="string",
private_link_fast_path_enabled=False,
custom_bgp_addresses={
"primary": "string",
"secondary": "string",
},
routing_weight=0,
# Shared IPsec key: a literal here ends up in source control, so read it
# from secret stack configuration instead.
shared_key="string",
tags={
"string": "string",
},
traffic_selector_policy={
"local_address_cidrs": ["string"],
"remote_address_cidrs": ["string"],
},
connection_protocol="string",
use_policy_based_traffic_selectors=False,
connection_mode="string")
// Reference example: every input property is set to a placeholder value.
// Each connection type requires a different subset of these arguments.
const virtualNetworkGatewayConnectionResource = new azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", {
resourceGroupName: "string",
virtualNetworkGatewayId: "string",
type: "string",
localNetworkGatewayId: "string",
name: "string",
egressNatRuleIds: ["string"],
enableBgp: false,
expressRouteCircuitId: "string",
expressRouteGatewayBypass: false,
ingressNatRuleIds: ["string"],
ipsecPolicy: {
dhGroup: "string",
ikeEncryption: "string",
ikeIntegrity: "string",
ipsecEncryption: "string",
ipsecIntegrity: "string",
pfsGroup: "string",
saDatasize: 0,
saLifetime: 0,
},
localAzureIpAddressEnabled: false,
// ExpressRoute circuit authorization key: a credential. Supply it as a secret
// (for example new pulumi.Config().requireSecret(...)) rather than a string literal.
authorizationKey: "string",
location: "string",
dpdTimeoutSeconds: 0,
peerVirtualNetworkGatewayId: "string",
privateLinkFastPathEnabled: false,
customBgpAddresses: {
primary: "string",
secondary: "string",
},
routingWeight: 0,
// Shared IPsec key: a literal here ends up in source control, so read it
// from secret stack configuration instead.
sharedKey: "string",
tags: {
string: "string",
},
trafficSelectorPolicy: {
localAddressCidrs: ["string"],
remoteAddressCidrs: ["string"],
},
connectionProtocol: "string",
usePolicyBasedTrafficSelectors: false,
connectionMode: "string",
});
# Reference example: every input property is set to a placeholder value.
# Each connection type requires a different subset of these arguments.
type: azure:network:VirtualNetworkGatewayConnection
properties:
# ExpressRoute circuit authorization key: a credential. Keep it in secret
# stack configuration (`pulumi config set --secret`) rather than in this file.
authorizationKey: string
connectionMode: string
connectionProtocol: string
customBgpAddresses:
primary: string
secondary: string
dpdTimeoutSeconds: 0
egressNatRuleIds:
- string
enableBgp: false
expressRouteCircuitId: string
expressRouteGatewayBypass: false
ingressNatRuleIds:
- string
ipsecPolicy:
dhGroup: string
ikeEncryption: string
ikeIntegrity: string
ipsecEncryption: string
ipsecIntegrity: string
pfsGroup: string
saDatasize: 0
saLifetime: 0
localAzureIpAddressEnabled: false
localNetworkGatewayId: string
location: string
name: string
peerVirtualNetworkGatewayId: string
privateLinkFastPathEnabled: false
resourceGroupName: string
routingWeight: 0
# Shared IPsec key: a literal here ends up in source control, so keep it
# in secret stack configuration instead.
sharedKey: string
tags:
string: string
trafficSelectorPolicy:
localAddressCidrs:
- string
remoteAddressCidrs:
- string
type: string
usePolicyBasedTrafficSelectors: false
virtualNetworkGatewayId: string
VirtualNetworkGatewayConnection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The VirtualNetworkGatewayConnection resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- Type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - Virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- AuthorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Handle this value as a secret.
- ConnectionMode string
- Connection mode to use. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. Changing this value will force a new resource to be created.
- ConnectionProtocol string
- The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. Changing this forces a new resource to be created. Note: Only valid for `IPSec` connections on virtual network gateways with SKU `VpnGw1`, `VpnGw2`, `VpnGw3`, `VpnGw1AZ`, `VpnGw2AZ` or `VpnGw3AZ`.
- Custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - Dpd
Timeout intSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- Egress
Nat List<string>Rule Ids - A list of the egress NAT Rule Ids.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - Express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - Express
Route boolGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - Ingress
Nat List<string>Rule Ids - A list of the ingress NAT Rule Ids.
- Ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - Local
Azure boolIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- Local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - Location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- Name string
- The name of the connection. Changing the name forces a new resource to be created.
- Peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - Private
Link boolFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - Routing
Weight int - The routing weight. Defaults to
10
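.
- SharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. Handle this value as a secret: supply it from secret configuration rather than as a literal in the program.
- Tags Dictionary<string, string>
- A mapping of tags to assign to the resource.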
- Traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - Use
Policy boolBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
- Resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- Type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - Virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- AuthorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Handle this value as a secret.
- ConnectionMode string
- Connection mode to use. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. Changing this value will force a new resource to be created.
- ConnectionProtocol string
- The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. Changing this forces a new resource to be created. Note: Only valid for `IPSec` connections on virtual network gateways with SKU `VpnGw1`, `VpnGw2`, `VpnGw3`, `VpnGw1AZ`, `VpnGw2AZ` or `VpnGw3AZ`.
- Custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses Args - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - Dpd
Timeout intSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- Egress
Nat []stringRule Ids - A list of the egress NAT Rule Ids.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - Express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - Express
Route boolGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - Ingress
Nat []stringRule Ids - A list of the ingress NAT Rule Ids.
- Ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy Args - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - Local
Azure boolIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- Local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - Location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- Name string
- The name of the connection. Changing the name forces a new resource to be created.
- Peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - Private
Link boolFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - Routing
Weight int - The routing weight. Defaults to
10
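.
- SharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. Handle this value as a secret: supply it from secret configuration rather than as a literal in the program.
- Tags map[string]string
- A mapping of tags to assign to the resource.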
- Traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy Args - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - Use
Policy boolBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
- resource
Group StringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- type String
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - virtual
Network StringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey String
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Handle this value as a secret.
- connectionMode String
- Connection mode to use. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. Changing this value will force a new resource to be created.
- connectionProtocol String
- The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. Changing this forces a new resource to be created. Note: Only valid for `IPSec` connections on virtual network gateways with SKU `VpnGw1`, `VpnGw2`, `VpnGw3`, `VpnGw1AZ`, `VpnGw2AZ` or `VpnGw3AZ`.
- custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd
Timeout IntegerSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat List<String>Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route StringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route BooleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress
Nat List<String>Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure BooleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network StringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location String
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name String
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual StringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link BooleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - routing
Weight Integer - The routing weight. Defaults to
10
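.
- sharedKey String
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. Handle this value as a secret: supply it from secret configuration rather than as a literal in the program.
- tags Map<String,String>
- A mapping of tags to assign to the resource.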
- traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - use
Policy BooleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
- resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Handle this value as a secret.
- connectionMode string
- Connection mode to use. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. Changing this value will force a new resource to be created.
- connectionProtocol string
- The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. Changing this forces a new resource to be created. Note: Only valid for `IPSec` connections on virtual network gateways with SKU `VpnGw1`, `VpnGw2`, `VpnGw3`, `VpnGw1AZ`, `VpnGw2AZ` or `VpnGw3AZ`.
- custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd
Timeout numberSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat string[]Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route booleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress
Nat string[]Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure booleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name string
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link booleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - routing
Weight number - The routing weight. Defaults to
10
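.
- sharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. Handle this value as a secret: supply it from secret configuration rather than as a literal in the program.
- tags {[key: string]: string}
- A mapping of tags to assign to the resource.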
- traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - use
Policy booleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
- resource_
group_ strname - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- type str
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - virtual_
network_ strgateway_ id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorization_key str
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Handle this value as a secret.
- connection_mode str
- Connection mode to use. Possible values are `Default`, `InitiatorOnly` and `ResponderOnly`. Defaults to `Default`. Changing this value will force a new resource to be created.
- connection_protocol str
- The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`. Changing this forces a new resource to be created. Note: Only valid for `IPSec` connections on virtual network gateways with SKU `VpnGw1`, `VpnGw2`, `VpnGw3`, `VpnGw1AZ`, `VpnGw2AZ` or `VpnGw3AZ`.
- custom_
bgp_ Virtualaddresses Network Gateway Connection Custom Bgp Addresses Args - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd_
timeout_ intseconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress_
nat_ Sequence[str]rule_ ids - A list of the egress NAT Rule Ids.
- enable_
bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express_
route_ strcircuit_ id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express_
route_ boolgateway_ bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress_
nat_ Sequence[str]rule_ ids - A list of the ingress NAT Rule Ids.
- ipsec_
policy VirtualNetwork Gateway Connection Ipsec Policy Args - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local_
azure_ boolip_ address_ enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local_
network_ strgateway_ id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location str
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name str
- The name of the connection. Changing the name forces a new resource to be created.
- peer_
virtual_ strnetwork_ gateway_ id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private_
link_ boolfast_ path_ enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - routing_
weight int - The routing weight. Defaults to
10
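. - shared_key str
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.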
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- traffic_
selector_ Virtualpolicy Network Gateway Connection Traffic Selector Policy Args - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - use_
policy_ boolbased_ traffic_ selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
- resource
Group StringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- type String
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - virtual
Network StringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey String
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- connection
Mode String - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - connection
Protocol String The IKE protocol version to use. Possible values are
IKEv1
andIKEv2
, values areIKEv1
andIKEv2
. Defaults toIKEv2
. Changing this forces a new resource to be created.Note: Only valid for
IPSec
connections on virtual network gateways with SKUVpnGw1
,VpnGw2
,VpnGw3
,VpnGw1AZ
,VpnGw2AZ
orVpnGw3AZ
.- custom
Bgp Property MapAddresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd
Timeout NumberSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat List<String>Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route StringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route BooleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress
Nat List<String>Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy Property Map - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure BooleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network StringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location String
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name String
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual StringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link BooleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - routing
Weight Number - The routing weight. Defaults to
10
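. - sharedKey String
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.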
- Map<String>
- A mapping of tags to assign to the resource.
- traffic
Selector Property MapPolicy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - use
Policy BooleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
.
Outputs
All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGatewayConnection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing VirtualNetworkGatewayConnection Resource
Get an existing VirtualNetworkGatewayConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayConnectionState, opts?: CustomResourceOptions): VirtualNetworkGatewayConnection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorization_key: Optional[str] = None,
connection_mode: Optional[str] = None,
connection_protocol: Optional[str] = None,
custom_bgp_addresses: Optional[VirtualNetworkGatewayConnectionCustomBgpAddressesArgs] = None,
dpd_timeout_seconds: Optional[int] = None,
egress_nat_rule_ids: Optional[Sequence[str]] = None,
enable_bgp: Optional[bool] = None,
express_route_circuit_id: Optional[str] = None,
express_route_gateway_bypass: Optional[bool] = None,
ingress_nat_rule_ids: Optional[Sequence[str]] = None,
ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
local_azure_ip_address_enabled: Optional[bool] = None,
local_network_gateway_id: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
peer_virtual_network_gateway_id: Optional[str] = None,
private_link_fast_path_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
routing_weight: Optional[int] = None,
shared_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
type: Optional[str] = None,
use_policy_based_traffic_selectors: Optional[bool] = None,
virtual_network_gateway_id: Optional[str] = None) -> VirtualNetworkGatewayConnection
func GetVirtualNetworkGatewayConnection(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayConnectionState, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)
public static VirtualNetworkGatewayConnection Get(string name, Input<string> id, VirtualNetworkGatewayConnectionState? state, CustomResourceOptions? opts = null)
public static VirtualNetworkGatewayConnection get(String name, Output<String> id, VirtualNetworkGatewayConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AuthorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- Connection
Mode string - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - Connection
Protocol string The IKE protocol version to use. Possible values are
IKEv1
andIKEv2
, values areIKEv1
andIKEv2
. Defaults toIKEv2
. Changing this forces a new resource to be created.Note: Only valid for
IPSec
connections on virtual network gateways with SKUVpnGw1
,VpnGw2
,VpnGw3
,VpnGw1AZ
,VpnGw2AZ
orVpnGw3AZ
.- Custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - Dpd
Timeout intSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- Egress
Nat List<string>Rule Ids - A list of the egress NAT Rule Ids.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - Express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - Express
Route boolGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - Ingress
Nat List<string>Rule Ids - A list of the ingress NAT Rule Ids.
- Ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - Local
Azure boolIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- Local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - Location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- Name string
- The name of the connection. Changing the name forces a new resource to be created.
- Peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - Private
Link boolFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - Resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- Routing
Weight int - The routing weight. Defaults to
10
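. - SharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.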
- Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - Type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - Use
Policy boolBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - Virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- AuthorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- Connection
Mode string - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - Connection
Protocol string - The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created. Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ
.- Custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses Args - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - Dpd
Timeout intSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- Egress
Nat []stringRule Ids - A list of the egress NAT Rule Ids.
- Enable
Bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - Express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - Express
Route boolGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - Ingress
Nat []stringRule Ids - A list of the ingress NAT Rule Ids.
- Ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy Args - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - Local
Azure boolIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- Local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - Location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- Name string
- The name of the connection. Changing the name forces a new resource to be created.
- Peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - Private
Link boolFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - Resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- Routing
Weight int - The routing weight. Defaults to
10
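. - SharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.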
- map[string]string
- A mapping of tags to assign to the resource.
- Traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy Args - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - Type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - Use
Policy boolBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - Virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey String
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- connection
Mode String - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - connection
Protocol String The IKE protocol version to use. Possible values are
IKEv1
andIKEv2
, values areIKEv1
andIKEv2
. Defaults toIKEv2
. Changing this forces a new resource to be created.Note: Only valid for
IPSec
connections on virtual network gateways with SKUVpnGw1
,VpnGw2
,VpnGw3
,VpnGw1AZ
,VpnGw2AZ
orVpnGw3AZ
.- custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd
Timeout IntegerSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat List<String>Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route StringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route BooleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress
Nat List<String>Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure BooleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network StringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location String
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name String
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual StringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link BooleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - resource
Group StringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- routing
Weight Integer - The routing weight. Defaults to
10
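. - sharedKey String
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.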
- Map<String,String>
- A mapping of tags to assign to the resource.
- traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - type String
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - use
Policy BooleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - virtual
Network StringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey string
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- connection
Mode string - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - connection
Protocol string The IKE protocol version to use. Possible values are
IKEv1
andIKEv2
, values areIKEv1
andIKEv2
. Defaults toIKEv2
. Changing this forces a new resource to be created.Note: Only valid for
IPSec
connections on virtual network gateways with SKUVpnGw1
,VpnGw2
,VpnGw3
,VpnGw1AZ
,VpnGw2AZ
orVpnGw3AZ
.- custom
Bgp VirtualAddresses Network Gateway Connection Custom Bgp Addresses - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd
Timeout numberSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat string[]Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route stringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route booleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress
Nat string[]Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy VirtualNetwork Gateway Connection Ipsec Policy - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure booleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network stringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location string
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name string
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual stringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link booleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - resource
Group stringName - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- routing
Weight number - The routing weight. Defaults to
10
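. - sharedKey string
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.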
- {[key: string]: string}
- A mapping of tags to assign to the resource.
- traffic
Selector VirtualPolicy Network Gateway Connection Traffic Selector Policy - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - type string
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - use
Policy booleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - virtual
Network stringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorization_key str
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection. Treat this value as a credential and keep it out of source control.
- connection_
mode str - Connection mode to use. Possible values are
Default
,InitiatorOnly
andResponderOnly
. Defaults toDefault
. Changing this value will force a resource to be created. - connection_
protocol str The IKE protocol version to use. Possible values are
IKEv1
andIKEv2
, values areIKEv1
andIKEv2
. Defaults toIKEv2
. Changing this forces a new resource to be created.Note: Only valid for
IPSec
connections on virtual network gateways with SKUVpnGw1
,VpnGw2
,VpnGw3
,VpnGw1AZ
,VpnGw2AZ
orVpnGw3AZ
.- custom_
bgp_ Virtualaddresses Network Gateway Connection Custom Bgp Addresses Args - A
custom_bgp_addresses
block which is documented below. The block can only be used onIPSec
/activeactive
connections, For details about see the relevant section in the Azure documentation. - dpd_
timeout_ intseconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress_
nat_ Sequence[str]rule_ ids - A list of the egress NAT Rule Ids.
- enable_
bgp bool - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express_
route_ strcircuit_ id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express_
route_ boolgateway_ bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections. - ingress_
nat_ Sequence[str]rule_ ids - A list of the ingress NAT Rule Ids.
- ipsec_
policy VirtualNetwork Gateway Connection Ipsec Policy Args - A
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local_
azure_ boolip_ address_ enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local_
network_ strgateway_ id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location str
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name str
- The name of the connection. Changing the name forces a new resource to be created.
- peer_
virtual_ strnetwork_ gateway_ id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private_
link_ boolfast_ path_ enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - resource_
group_ strname - The name of the resource group in which to create the connection Changing this forces a new resource to be created.
- routing_
weight int - The routing weight. Defaults to
10
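. - shared_key str
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. This value is a credential; supply it from secret configuration rather than as a literal in program source.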
- Mapping[str, str]
- A mapping of tags to assign to the resource.
- traffic_
selector_ Virtualpolicy Network Gateway Connection Traffic Selector Policy Args - One or more
traffic_selector_policy
blocks which are documented below. Atraffic_selector_policy
allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - type str
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - use_
policy_ boolbased_ traffic_ selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - virtual_
network_ strgateway_ id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
- authorizationKey String
- The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
- connectionMode String - Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a new resource to be created.
- connectionProtocol String - The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this forces a new resource to be created. Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
- custom
Bgp Property MapAddresses - A
custom_bgp_addresses
block which is documented below. The block can only be used on IPSec / activeactive connections. For details, see the relevant section in the Azure documentation. - dpd
Timeout NumberSeconds - The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
- egress
Nat List<String>Rule Ids - A list of the egress NAT Rule Ids.
- enable
Bgp Boolean - If
true
, BGP (Border Gateway Protocol) is enabled for this connection. Defaults tofalse
. - express
Route StringCircuit Id - The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when
type
isExpressRoute
). The Express Route Circuit can be in the same or in a different subscription. Changing this forces a new resource to be created. - express
Route BooleanGateway Bypass - If
true
, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections. - ingress
Nat List<String>Rule Ids - A list of the ingress NAT Rule Ids.
- ipsec
Policy Property Map - An
ipsec_policy
block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation. - local
Azure BooleanIp Address Enabled - Use private local Azure IP for the connection. Changing this forces a new resource to be created.
- local
Network StringGateway Id - The ID of the local network gateway when creating Site-to-Site connection (i.e. when
type
isIPsec
). - location String
- The location/region where the connection is located. Changing this forces a new resource to be created.
- name String
- The name of the connection. Changing the name forces a new resource to be created.
- peer
Virtual StringNetwork Gateway Id - The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when
type
isVnet2Vnet
). The peer Virtual Network Gateway can be in the same or in a different subscription. Changing this forces a new resource to be created. - private
Link BooleanFast Path Enabled - Bypass the Express Route gateway when accessing private-links. When enabled
express_route_gateway_bypass
must be set totrue
. Defaults tofalse
. - resource
Group StringName - The name of the resource group in which to create the connection. Changing this forces a new resource to be created.
- routing
Weight Number - The routing weight. Defaults to
10
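. - sharedKey String
- The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created. Treat the key as a credential and supply it from Pulumi secret configuration rather than as a literal in the program.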
- tags Map<String>
- A mapping of tags to assign to the resource.
- traffic
Selector Property MapPolicy - One or more
traffic_selector_policy
blocks which are documented below. A traffic_selector_policy
allows you to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation. - type String
- The type of connection. Valid options are
IPsec
(Site-to-Site),ExpressRoute
(ExpressRoute), andVnet2Vnet
(VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing this forces a new resource to be created. - use
Policy BooleanBased Traffic Selectors - If
true
, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires anipsec_policy
block. Defaults tofalse
. - virtual
Network StringGateway Id - The ID of the Virtual Network Gateway in which the connection will be created. Changing this forces a new resource to be created.
Supporting Types
VirtualNetworkGatewayConnectionCustomBgpAddresses, VirtualNetworkGatewayConnectionCustomBgpAddressesArgs
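VirtualNetworkGatewayConnectionIpsecPolicy, VirtualNetworkGatewayConnectionIpsecPolicyArgs
Note: the valid options listed below include legacy algorithms and small DH groups (DES, DES3, MD5, SHA1, DHGroup1, DHGroup2, PFS1, PFS2); where the peer device supports them, prefer AES or GCMAES, SHA256 or stronger, and DHGroup14, ECP256 or ECP384.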
- DhGroup string - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- IkeEncryption string - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- IkeIntegrity string - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- IpsecEncryption string - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- IpsecIntegrity string - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- PfsGroup string - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- SaDatasize int - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- SaLifetime int - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
- DhGroup string - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- IkeEncryption string - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- IkeIntegrity string - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- IpsecEncryption string - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- IpsecIntegrity string - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- PfsGroup string - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- SaDatasize int - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- SaLifetime int - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
- dhGroup String - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- ikeEncryption String - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- ikeIntegrity String - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- ipsecEncryption String - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- ipsecIntegrity String - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- pfsGroup String - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- saDatasize Integer - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- saLifetime Integer - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
- dhGroup string - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- ikeEncryption string - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- ikeIntegrity string - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- ipsecEncryption string - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- ipsecIntegrity string - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- pfsGroup string - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- saDatasize number - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- saLifetime number - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
- dh_group str - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- ike_encryption str - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- ike_integrity str - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- ipsec_encryption str - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- ipsec_integrity str - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- pfs_group str - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- sa_datasize int - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- sa_lifetime int - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
- dhGroup String - The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
- ikeEncryption String - The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
- ikeIntegrity String - The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
- ipsecEncryption String - The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
- ipsecIntegrity String - The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
- pfsGroup String - The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
- saDatasize Number - The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
- saLifetime Number - The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.
VirtualNetworkGatewayConnectionTrafficSelectorPolicy, VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
- LocalAddressCidrs List<string> - List of local CIDRs.
- RemoteAddressCidrs List<string> - List of remote CIDRs.
- LocalAddressCidrs []string - List of local CIDRs.
- RemoteAddressCidrs []string - List of remote CIDRs.
- localAddressCidrs List<String> - List of local CIDRs.
- remoteAddressCidrs List<String> - List of remote CIDRs.
- localAddressCidrs string[] - List of local CIDRs.
- remoteAddressCidrs string[] - List of remote CIDRs.
- local_address_cidrs Sequence[str] - List of local CIDRs.
- remote_address_cidrs Sequence[str] - List of remote CIDRs.
- localAddressCidrs List<String> - List of local CIDRs.
- remoteAddressCidrs List<String> - List of remote CIDRs.
Import
Virtual Network Gateway Connections can be imported using their resource ID, e.g.
$ pulumi import azure:network/virtualNetworkGatewayConnection:VirtualNetworkGatewayConnection exampleConnection /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/connections/myConnection1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.