We recommend using Azure Native.
azure.network.VirtualNetworkGateway
Explore with Pulumi AI
Manages a Virtual Network Gateway to establish secure, cross-premises connectivity.
Note: Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
AddressSpaces = new[]
{
"10.0.0.0/16",
},
});
var exampleSubnet = new Azure.Network.Subnet("exampleSubnet", new()
{
ResourceGroupName = exampleResourceGroup.Name,
VirtualNetworkName = exampleVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.1.0/24",
},
});
var examplePublicIp = new Azure.Network.PublicIp("examplePublicIp", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
AllocationMethod = "Dynamic",
});
var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("exampleVirtualNetworkGateway", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
Type = "Vpn",
VpnType = "RouteBased",
ActiveActive = false,
EnableBgp = false,
Sku = "Basic",
IpConfigurations = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
{
Name = "vnetGatewayConfig",
PublicIpAddressId = examplePublicIp.Id,
PrivateIpAddressAllocation = "Dynamic",
SubnetId = exampleSubnet.Id,
},
},
VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
{
AddressSpaces = new[]
{
"10.2.0.0/24",
},
RootCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
{
Name = "DigiCert-Federated-ID-Root-CA",
PublicCertData = @"MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
",
},
},
RevokedCertificates = new[]
{
new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
{
Name = "Verizon-Global-Root-CA",
Thumbprint = "912198EEF23DCAC40939312FEE97DD560BAE49B1",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.0.0/16"),
},
})
if err != nil {
return err
}
exampleSubnet, err := network.NewSubnet(ctx, "exampleSubnet", &network.SubnetArgs{
ResourceGroupName: exampleResourceGroup.Name,
VirtualNetworkName: exampleVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
})
if err != nil {
return err
}
examplePublicIp, err := network.NewPublicIp(ctx, "examplePublicIp", &network.PublicIpArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
AllocationMethod: pulumi.String("Dynamic"),
})
if err != nil {
return err
}
_, err = network.NewVirtualNetworkGateway(ctx, "exampleVirtualNetworkGateway", &network.VirtualNetworkGatewayArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
Type: pulumi.String("Vpn"),
VpnType: pulumi.String("RouteBased"),
ActiveActive: pulumi.Bool(false),
EnableBgp: pulumi.Bool(false),
Sku: pulumi.String("Basic"),
IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
&network.VirtualNetworkGatewayIpConfigurationArgs{
Name: pulumi.String("vnetGatewayConfig"),
PublicIpAddressId: examplePublicIp.ID(),
PrivateIpAddressAllocation: pulumi.String("Dynamic"),
SubnetId: exampleSubnet.ID(),
},
},
VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
AddressSpaces: pulumi.StringArray{
pulumi.String("10.2.0.0/24"),
},
RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
Name: pulumi.String("DigiCert-Federated-ID-Root-CA"),
PublicCertData: pulumi.String(`MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
`),
},
},
RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
Name: pulumi.String("Verizon-Global-Root-CA"),
Thumbprint: pulumi.String("912198EEF23DCAC40939312FEE97DD560BAE49B1"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetworkGateway;
import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayVpnClientConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.addressSpaces("10.0.0.0/16")
.build());
var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.virtualNetworkName(exampleVirtualNetwork.name())
.addressPrefixes("10.0.1.0/24")
.build());
var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.allocationMethod("Dynamic")
.build());
var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.type("Vpn")
.vpnType("RouteBased")
.activeActive(false)
.enableBgp(false)
.sku("Basic")
.ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
.name("vnetGatewayConfig")
.publicIpAddressId(examplePublicIp.id())
.privateIpAddressAllocation("Dynamic")
.subnetId(exampleSubnet.id())
.build())
.vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
.addressSpaces("10.2.0.0/24")
.rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
.name("DigiCert-Federated-ID-Root-CA")
.publicCertData("""
MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
""")
.build())
.revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
.name("Verizon-Global-Root-CA")
.thumbprint("912198EEF23DCAC40939312FEE97DD560BAE49B1")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
address_spaces=["10.0.0.0/16"])
example_subnet = azure.network.Subnet("exampleSubnet",
resource_group_name=example_resource_group.name,
virtual_network_name=example_virtual_network.name,
address_prefixes=["10.0.1.0/24"])
example_public_ip = azure.network.PublicIp("examplePublicIp",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
allocation_method="Dynamic")
example_virtual_network_gateway = azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
type="Vpn",
vpn_type="RouteBased",
active_active=False,
enable_bgp=False,
sku="Basic",
ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
name="vnetGatewayConfig",
public_ip_address_id=example_public_ip.id,
private_ip_address_allocation="Dynamic",
subnet_id=example_subnet.id,
)],
vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
address_spaces=["10.2.0.0/24"],
root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
name="DigiCert-Federated-ID-Root-CA",
public_cert_data="""MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
""",
)],
revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
name="Verizon-Global-Root-CA",
thumbprint="912198EEF23DCAC40939312FEE97DD560BAE49B1",
)],
))
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
addressSpaces: ["10.0.0.0/16"],
});
const exampleSubnet = new azure.network.Subnet("exampleSubnet", {
resourceGroupName: exampleResourceGroup.name,
virtualNetworkName: exampleVirtualNetwork.name,
addressPrefixes: ["10.0.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("examplePublicIp", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
allocationMethod: "Dynamic",
});
const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
type: "Vpn",
vpnType: "RouteBased",
activeActive: false,
enableBgp: false,
sku: "Basic",
ipConfigurations: [{
name: "vnetGatewayConfig",
publicIpAddressId: examplePublicIp.id,
privateIpAddressAllocation: "Dynamic",
subnetId: exampleSubnet.id,
}],
vpnClientConfiguration: {
addressSpaces: ["10.2.0.0/24"],
rootCertificates: [{
name: "DigiCert-Federated-ID-Root-CA",
publicCertData: `MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
`,
}],
revokedCertificates: [{
name: "Verizon-Global-Root-CA",
thumbprint: "912198EEF23DCAC40939312FEE97DD560BAE49B1",
}],
},
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleVirtualNetwork:
type: azure:network:VirtualNetwork
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
addressSpaces:
- 10.0.0.0/16
exampleSubnet:
type: azure:network:Subnet
properties:
resourceGroupName: ${exampleResourceGroup.name}
virtualNetworkName: ${exampleVirtualNetwork.name}
addressPrefixes:
- 10.0.1.0/24
examplePublicIp:
type: azure:network:PublicIp
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
allocationMethod: Dynamic
exampleVirtualNetworkGateway:
type: azure:network:VirtualNetworkGateway
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
type: Vpn
vpnType: RouteBased
activeActive: false
enableBgp: false
sku: Basic
ipConfigurations:
- name: vnetGatewayConfig
publicIpAddressId: ${examplePublicIp.id}
privateIpAddressAllocation: Dynamic
subnetId: ${exampleSubnet.id}
vpnClientConfiguration:
addressSpaces:
- 10.2.0.0/24
rootCertificates:
- name: DigiCert-Federated-ID-Root-CA
publicCertData: |
MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
revokedCertificates:
- name: Verizon-Global-Root-CA
thumbprint: 912198EEF23DCAC40939312FEE97DD560BAE49B1
Create VirtualNetworkGateway Resource
new VirtualNetworkGateway(name: string, args: VirtualNetworkGatewayArgs, opts?: CustomResourceOptions);
@overload
def VirtualNetworkGateway(resource_name: str,
opts: Optional[ResourceOptions] = None,
active_active: Optional[bool] = None,
bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
default_local_network_gateway_id: Optional[str] = None,
edge_zone: Optional[str] = None,
enable_bgp: Optional[bool] = None,
generation: Optional[str] = None,
ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
private_ip_address_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
sku: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
vpn_type: Optional[str] = None)
@overload
def VirtualNetworkGateway(resource_name: str,
args: VirtualNetworkGatewayArgs,
opts: Optional[ResourceOptions] = None)
func NewVirtualNetworkGateway(ctx *Context, name string, args VirtualNetworkGatewayArgs, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public VirtualNetworkGateway(string name, VirtualNetworkGatewayArgs args, CustomResourceOptions? opts = null)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args, CustomResourceOptions options)
type: azure:network:VirtualNetworkGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VirtualNetworkGatewayArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
VirtualNetworkGateway Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The VirtualNetworkGateway resource accepts the following input properties:
- Ip
Configurations List<VirtualNetwork Gateway Ip Configuration> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- Resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- Active
Active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- Bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- Custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- Default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Private
Ip boolAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Dictionary<string, string>
A mapping of tags to assign to the resource.
- Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- Vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- Ip
Configurations []VirtualNetwork Gateway Ip Configuration Args One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- Resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- Active
Active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- Bgp
Settings VirtualNetwork Gateway Bgp Settings Args A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- Custom
Route VirtualNetwork Gateway Custom Route Args A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- Default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Private
Ip boolAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- map[string]string
A mapping of tags to assign to the resource.
- Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration Args A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- Vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations List<VirtualNetwork Gateway Ip Configuration> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- resource
Group StringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type String
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- active
Active Boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local StringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone String Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- location String
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip BooleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Map<String,String>
A mapping of tags to assign to the resource.
- vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type String The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations VirtualNetwork Gateway Ip Configuration[] One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- active
Active boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip booleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- {[key: string]: string}
A mapping of tags to assign to the resource.
- vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip_
configurations Sequence[VirtualNetwork Gateway Ip Configuration Args] One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- resource_
group_ strname The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku str
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type str
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- active_
active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp_
settings VirtualNetwork Gateway Bgp Settings Args A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom_
route VirtualNetwork Gateway Custom Route Args A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default_
local_ strnetwork_ gateway_ id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge_
zone str Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable_
bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation str
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- location str
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name str
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private_
ip_ booladdress_ enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Mapping[str, str]
A mapping of tags to assign to the resource.
- vpn_
client_ Virtualconfiguration Network Gateway Vpn Client Configuration Args A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn_
type str The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- ip
Configurations List<Property Map> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- resource
Group StringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- type String
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- active
Active Boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings Property Map A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route Property Map A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local StringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone String Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- location String
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip BooleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Map<String>
A mapping of tags to assign to the resource.
- vpn
Client Property MapConfiguration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type String The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGateway resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing VirtualNetworkGateway Resource
Get an existing VirtualNetworkGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayState, opts?: CustomResourceOptions): VirtualNetworkGateway
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
active_active: Optional[bool] = None,
bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
default_local_network_gateway_id: Optional[str] = None,
edge_zone: Optional[str] = None,
enable_bgp: Optional[bool] = None,
generation: Optional[str] = None,
ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
location: Optional[str] = None,
name: Optional[str] = None,
private_ip_address_enabled: Optional[bool] = None,
resource_group_name: Optional[str] = None,
sku: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
vpn_type: Optional[str] = None) -> VirtualNetworkGateway
func GetVirtualNetworkGateway(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayState, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public static VirtualNetworkGateway Get(string name, Input<string> id, VirtualNetworkGatewayState? state, CustomResourceOptions? opts = null)
public static VirtualNetworkGateway get(String name, Output<String> id, VirtualNetworkGatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Active
Active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- Bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- Custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- Default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Configurations List<VirtualNetwork Gateway Ip Configuration> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- Location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Private
Ip boolAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Dictionary<string, string>
A mapping of tags to assign to the resource.
- Type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- Vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- Active
Active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- Bgp
Settings VirtualNetwork Gateway Bgp Settings Args A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- Custom
Route VirtualNetwork Gateway Custom Route Args A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- Default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- Edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- Enable
Bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- Generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- Ip
Configurations []VirtualNetwork Gateway Ip Configuration Args One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- Location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- Name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- Private
Ip boolAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- Resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- Sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- map[string]string
A mapping of tags to assign to the resource.
- Type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- Vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration Args A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- Vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active Boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local StringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone String Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations List<VirtualNetwork Gateway Ip Configuration> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- location String
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip BooleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- resource
Group StringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Map<String,String>
A mapping of tags to assign to the resource.
- type String
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type String The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings VirtualNetwork Gateway Bgp Settings A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route VirtualNetwork Gateway Custom Route A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local stringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone string Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation string
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations VirtualNetwork Gateway Ip Configuration[] One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- location string
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name string
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip booleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- resource
Group stringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku string
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- {[key: string]: string}
A mapping of tags to assign to the resource.
- type string
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- vpn
Client VirtualConfiguration Network Gateway Vpn Client Configuration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type string The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active_
active bool If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp_
settings VirtualNetwork Gateway Bgp Settings Args A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom_
route VirtualNetwork Gateway Custom Route Args A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default_
local_ strnetwork_ gateway_ id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge_
zone str Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable_
bgp bool If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation str
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip_
configurations Sequence[VirtualNetwork Gateway Ip Configuration Args] One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- location str
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name str
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private_
ip_ booladdress_ enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- resource_
group_ strname The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku str
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Mapping[str, str]
A mapping of tags to assign to the resource.
- type str
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- vpn_
client_ Virtualconfiguration Network Gateway Vpn Client Configuration Args A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn_
type str The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
- active
Active Boolean If
true
, an active-active Virtual Network Gateway will be created. An active-active gateway requires aHighPerformance
or anUltraPerformance
SKU. Iffalse
, an active-standby gateway will be created. Defaults tofalse
.- bgp
Settings Property Map A
bgp_settings
block which is documented below. In this block the BGP specific settings can be defined.- custom
Route Property Map A
custom_route
block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.- default
Local StringNetwork Gateway Id The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
- edge
Zone String Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.
- enable
Bgp Boolean If
true
, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults tofalse
.- generation String
The Generation of the Virtual Network gateway. Possible values include
Generation1
,Generation2
orNone
. Changing this forces a new resource to be created.NOTE: The available values depend on the
type
andsku
arguments - whereGeneration2
is only value for asku
larger thanVpnGw2
orVpnGw2AZ
.- ip
Configurations List<Property Map> One or more (up to 3)
ip_configuration
blocks documented below. An active-standby gateway requires exactly oneip_configuration
block, an active-active gateway requires exactly twoip_configuration
blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly threeip_configuration
blocks.- location String
The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.
- name String
The name of the Virtual Network Gateway. Changing this forces a new resource to be created.
- private
Ip BooleanAddress Enabled Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.
- resource
Group StringName The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.
- sku String
Configuration of the size and capacity of the virtual network gateway. Valid options are
Basic
,Standard
,HighPerformance
,UltraPerformance
,ErGw1AZ
,ErGw2AZ
,ErGw3AZ
,VpnGw1
,VpnGw2
,VpnGw3
,VpnGw4
,VpnGw5
,VpnGw1AZ
,VpnGw2AZ
,VpnGw3AZ
,VpnGw4AZ
andVpnGw5AZ
and depend on thetype
,vpn_type
andgeneration
arguments. APolicyBased
gateway only supports theBasic
SKU. Further, theUltraPerformance
SKU is only supported by anExpressRoute
gateway.NOTE: To build a UltraPerformance ExpressRoute Virtual Network gateway, the associated Public IP needs to be SKU "Basic" not "Standard"
NOTE: Not all SKUs (e.g.
ErGw1AZ
) are available in all regions. If you seeStatusCode=400 -- Original Error: Code="InvalidGatewaySkuSpecifiedForGatewayDeploymentType"
please try another region.- Map<String>
A mapping of tags to assign to the resource.
- type String
The type of the Virtual Network Gateway. Valid options are
Vpn
orExpressRoute
. Changing the type forces a new resource to be created.- vpn
Client Property MapConfiguration A
vpn_client_configuration
block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.- vpn
Type String The routing type of the Virtual Network Gateway. Valid options are
RouteBased
orPolicyBased
. Defaults toRouteBased
. Changing this forces a new resource to be created.
Supporting Types
VirtualNetworkGatewayBgpSettings, VirtualNetworkGatewayBgpSettingsArgs
- Asn int
The Autonomous System Number (ASN) to use as part of the BGP.
- Peer
Weight int The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- Peering
Addresses List<VirtualNetwork Gateway Bgp Settings Peering Address> A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- Asn int
The Autonomous System Number (ASN) to use as part of the BGP.
- Peer
Weight int The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- Peering
Addresses []VirtualNetwork Gateway Bgp Settings Peering Address A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn Integer
The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight Integer The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- peering
Addresses List<VirtualNetwork Gateway Bgp Settings Peering Address> A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn number
The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight number The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- peering
Addresses VirtualNetwork Gateway Bgp Settings Peering Address[] A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn int
The Autonomous System Number (ASN) to use as part of the BGP.
- peer_
weight int The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- peering_
addresses Sequence[VirtualNetwork Gateway Bgp Settings Peering Address] A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
- asn Number
The Autonomous System Number (ASN) to use as part of the BGP.
- peer
Weight Number The weight added to routes which have been learned through BGP peering. Valid values can be between
0
and100
.- peering
Addresses List<Property Map> A list of
peering_addresses
blocks as defined below. Only onepeering_addresses
block can be specified except whenactive_active
of this Virtual Network Gateway istrue
.
VirtualNetworkGatewayBgpSettingsPeeringAddress, VirtualNetworkGatewayBgpSettingsPeeringAddressArgs
- Apipa
Addresses List<string> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- Default
Addresses List<string> A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- Ip
Configuration stringName The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- Tunnel
Ip List<string>Addresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- Apipa
Addresses []string A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- Default
Addresses []string A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- Ip
Configuration stringName The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- Tunnel
Ip []stringAddresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses List<String> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses List<String> A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration StringName The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- tunnel
Ip List<String>Addresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses string[] A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses string[] A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration stringName The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- tunnel
Ip string[]Addresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa_
addresses Sequence[str] A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default_
addresses Sequence[str] A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip_
configuration_ strname The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- tunnel_
ip_ Sequence[str]addresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
- apipa
Addresses List<String> A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.
Note: The valid range for the reserved APIPA address in Azure Public is from
169.254.21.0
to169.254.22.255
.- default
Addresses List<String> A list of peering address assigned to the BGP peer of the Virtual Network Gateway.
- ip
Configuration StringName The name of the IP configuration of this Virtual Network Gateway. In case there are multiple
ip_configuration
blocks defined, this property is required to specify.- tunnel
Ip List<String>Addresses A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.
VirtualNetworkGatewayCustomRoute, VirtualNetworkGatewayCustomRouteArgs
- Address
Prefixes List<string> A list of address blocks reserved for this virtual network in CIDR notation.
- Address
Prefixes []string A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes List<String> A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes string[] A list of address blocks reserved for this virtual network in CIDR notation.
- address_
prefixes Sequence[str] A list of address blocks reserved for this virtual network in CIDR notation.
- address
Prefixes List<String> A list of address blocks reserved for this virtual network in CIDR notation.
VirtualNetworkGatewayIpConfiguration, VirtualNetworkGatewayIpConfigurationArgs
- Public
Ip stringAddress Id The ID of the public IP address to associate with the Virtual Network Gateway.
- Subnet
Id string The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- Name string
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- Private
Ip stringAddress Allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
- Public
Ip stringAddress Id The ID of the public IP address to associate with the Virtual Network Gateway.
- Subnet
Id string The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- Name string
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- Private
Ip stringAddress Allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
- public
Ip StringAddress Id The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id String The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- name String
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- private
Ip StringAddress Allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
- public
Ip stringAddress Id The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id string The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- name string
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- private
Ip stringAddress Allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
- public_
ip_ straddress_ id The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet_
id str The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- name str
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- private_
ip_ straddress_ allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
- public
Ip StringAddress Id The ID of the public IP address to associate with the Virtual Network Gateway.
- subnet
Id String The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named
GatewaySubnet
. Therefore, each virtual network can contain at most a single Virtual Network Gateway.- name String
A user-defined name of the IP configuration. Defaults to
vnetGatewayConfig
.- private
Ip StringAddress Allocation Defines how the private IP address of the gateways virtual interface is assigned. Valid options are
Static
orDynamic
. Defaults toDynamic
.
VirtualNetworkGatewayVpnClientConfiguration, VirtualNetworkGatewayVpnClientConfigurationArgs
- Address
Spaces List<string> The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- Aad
Audience string The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- Aad
Issuer string The STS url for your tenant
- Aad
Tenant string AzureAD Tenant URL
- Radius
Server stringAddress The address of the Radius server.
- Radius
Server stringSecret The secret used by the Radius server.
- Revoked
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate> One or more
revoked_certificate
blocks which are defined below.- Root
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Root Certificate> One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- Vpn
Auth List<string>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- Vpn
Client List<string>Protocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- Address
Spaces []string The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- Aad
Audience string The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- Aad
Issuer string The STS url for your tenant
- Aad
Tenant string AzureAD Tenant URL
- Radius
Server stringAddress The address of the Radius server.
- Radius
Server stringSecret The secret used by the Radius server.
- Revoked
Certificates []VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate One or more
revoked_certificate
blocks which are defined below.- Root
Certificates []VirtualNetwork Gateway Vpn Client Configuration Root Certificate One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- Vpn
Auth []stringTypes List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- Vpn
Client []stringProtocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces List<String> The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience String The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer String The STS url for your tenant
- aad
Tenant String AzureAD Tenant URL
- radius
Server StringAddress The address of the Radius server.
- radius
Server StringSecret The secret used by the Radius server.
- revoked
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate> One or more
revoked_certificate
blocks which are defined below.- root
Certificates List<VirtualNetwork Gateway Vpn Client Configuration Root Certificate> One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- vpn
Auth List<String>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client List<String>Protocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces string[] The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience string The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer string The STS url for your tenant
- aad
Tenant string AzureAD Tenant URL
- radius
Server stringAddress The address of the Radius server.
- radius
Server stringSecret The secret used by the Radius server.
- revoked
Certificates VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate[] One or more
revoked_certificate
blocks which are defined below.- root
Certificates VirtualNetwork Gateway Vpn Client Configuration Root Certificate[] One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- vpn
Auth string[]Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client string[]Protocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address_
spaces Sequence[str] The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad_
audience str The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad_
issuer str The STS url for your tenant
- aad_
tenant str AzureAD Tenant URL
- radius_
server_ straddress The address of the Radius server.
- radius_
server_ strsecret The secret used by the Radius server.
- revoked_
certificates Sequence[VirtualNetwork Gateway Vpn Client Configuration Revoked Certificate] One or more
revoked_certificate
blocks which are defined below.- root_
certificates Sequence[VirtualNetwork Gateway Vpn Client Configuration Root Certificate] One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- vpn_
auth_ Sequence[str]types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn_
client_ Sequence[str]protocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
- address
Spaces List<String> The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
- aad
Audience String The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values
- aad
Issuer String The STS url for your tenant
- aad
Tenant String AzureAD Tenant URL
- radius
Server StringAddress The address of the Radius server.
- radius
Server StringSecret The secret used by the Radius server.
- revoked
Certificates List<Property Map> One or more
revoked_certificate
blocks which are defined below.- root
Certificates List<Property Map> One or more
root_certificate
blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.- vpn
Auth List<String>Types List of the vpn authentication types for the virtual network gateway. The supported values are
AAD
,Radius
andCertificate
.NOTE:
vpn_auth_types
must be set when using multiple vpn authentication types.- vpn
Client List<String>Protocols List of the protocols supported by the vpn client. The supported values are
SSTP
,IkeV2
andOpenVPN
. ValuesSSTP
andIkeV2
are incompatible with the use ofaad_tenant
,aad_audience
andaad_issuer
.
VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate, VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
- Name string
Specifies the name of the certificate resource.
- Thumbprint string
Specifies the public data of the certificate.
- Name string
Specifies the name of the certificate resource.
- Thumbprint string
Specifies the public data of the certificate.
- name String
Specifies the name of the certificate resource.
- thumbprint String
Specifies the public data of the certificate.
- name string
Specifies the name of the certificate resource.
- thumbprint string
Specifies the public data of the certificate.
- name str
Specifies the name of the certificate resource.
- thumbprint str
Specifies the public data of the certificate.
- name String
Specifies the name of the certificate resource.
- thumbprint String
Specifies the public data of the certificate.
VirtualNetworkGatewayVpnClientConfigurationRootCertificate, VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
- Name string
A user-defined name of the root certificate.
- Public
Cert stringData The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
- Name string
A user-defined name of the root certificate.
- Public
Cert stringData The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
- name String
A user-defined name of the root certificate.
- public
Cert StringData The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
- name string
A user-defined name of the root certificate.
- public
Cert stringData The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
- name str
A user-defined name of the root certificate.
- public_
cert_ strdata The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
- name String
A user-defined name of the root certificate.
- public
Cert StringData The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the
-----BEGIN CERTIFICATE-----
or-----END CERTIFICATE-----
markers.
Import
Virtual Network Gateways can be imported using the resource id
, e.g.
$ pulumi import azure:network/virtualNetworkGateway:VirtualNetworkGateway exampleGateway /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/virtualNetworkGateways/myGateway1
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.