azure logo
Azure Classic v5.43.0, May 6 23

azure.network.VirtualNetworkGateway

Explore with Pulumi AI

Manages a Virtual Network Gateway to establish secure, cross-premises connectivity.

Note: Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
    });

    var exampleSubnet = new Azure.Network.Subnet("exampleSubnet", new()
    {
        ResourceGroupName = exampleResourceGroup.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
    });

    var examplePublicIp = new Azure.Network.PublicIp("examplePublicIp", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        AllocationMethod = "Dynamic",
    });

    var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("exampleVirtualNetworkGateway", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        Type = "Vpn",
        VpnType = "RouteBased",
        ActiveActive = false,
        EnableBgp = false,
        Sku = "Basic",
        IpConfigurations = new[]
        {
            new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
            {
                Name = "vnetGatewayConfig",
                PublicIpAddressId = examplePublicIp.Id,
                PrivateIpAddressAllocation = "Dynamic",
                SubnetId = exampleSubnet.Id,
            },
        },
        VpnClientConfiguration = new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationArgs
        {
            AddressSpaces = new[]
            {
                "10.2.0.0/24",
            },
            RootCertificates = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs
                {
                    Name = "DigiCert-Federated-ID-Root-CA",
                    PublicCertData = @"MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
",
                },
            },
            RevokedCertificates = new[]
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs
                {
                    Name = "Verizon-Global-Root-CA",
                    Thumbprint = "912198EEF23DCAC40939312FEE97DD560BAE49B1",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "exampleSubnet", &network.SubnetArgs{
			ResourceGroupName:  exampleResourceGroup.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		examplePublicIp, err := network.NewPublicIp(ctx, "examplePublicIp", &network.PublicIpArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetworkGateway(ctx, "exampleVirtualNetworkGateway", &network.VirtualNetworkGatewayArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			ActiveActive:      pulumi.Bool(false),
			EnableBgp:         pulumi.Bool(false),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					Name:                       pulumi.String("vnetGatewayConfig"),
					PublicIpAddressId:          examplePublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   exampleSubnet.ID(),
				},
			},
			VpnClientConfiguration: &network.VirtualNetworkGatewayVpnClientConfigurationArgs{
				AddressSpaces: pulumi.StringArray{
					pulumi.String("10.2.0.0/24"),
				},
				RootCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArray{
					&network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs{
						Name:           pulumi.String("DigiCert-Federated-ID-Root-CA"),
						PublicCertData: pulumi.String("MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"),
					},
				},
				RevokedCertificates: network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArray{
					&network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs{
						Name:       pulumi.String("Verizon-Global-Root-CA"),
						Thumbprint: pulumi.String("912198EEF23DCAC40939312FEE97DD560BAE49B1"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.VirtualNetworkGateway;
import com.pulumi.azure.network.VirtualNetworkGatewayArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayIpConfigurationArgs;
import com.pulumi.azure.network.inputs.VirtualNetworkGatewayVpnClientConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .addressSpaces("10.0.0.0/16")
            .build());

        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()        
            .resourceGroupName(exampleResourceGroup.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .allocationMethod("Dynamic")
            .build());

        var exampleVirtualNetworkGateway = new VirtualNetworkGateway("exampleVirtualNetworkGateway", VirtualNetworkGatewayArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .type("Vpn")
            .vpnType("RouteBased")
            .activeActive(false)
            .enableBgp(false)
            .sku("Basic")
            .ipConfigurations(VirtualNetworkGatewayIpConfigurationArgs.builder()
                .name("vnetGatewayConfig")
                .publicIpAddressId(examplePublicIp.id())
                .privateIpAddressAllocation("Dynamic")
                .subnetId(exampleSubnet.id())
                .build())
            .vpnClientConfiguration(VirtualNetworkGatewayVpnClientConfigurationArgs.builder()
                .addressSpaces("10.2.0.0/24")
                .rootCertificates(VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs.builder()
                    .name("DigiCert-Federated-ID-Root-CA")
                    .publicCertData("""
MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
                    """)
                    .build())
                .revokedCertificates(VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs.builder()
                    .name("Verizon-Global-Root-CA")
                    .thumbprint("912198EEF23DCAC40939312FEE97DD560BAE49B1")
                    .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    address_spaces=["10.0.0.0/16"])
example_subnet = azure.network.Subnet("exampleSubnet",
    resource_group_name=example_resource_group.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])
example_public_ip = azure.network.PublicIp("examplePublicIp",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    allocation_method="Dynamic")
example_virtual_network_gateway = azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    type="Vpn",
    vpn_type="RouteBased",
    active_active=False,
    enable_bgp=False,
    sku="Basic",
    ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
        name="vnetGatewayConfig",
        public_ip_address_id=example_public_ip.id,
        private_ip_address_allocation="Dynamic",
        subnet_id=example_subnet.id,
    )],
    vpn_client_configuration=azure.network.VirtualNetworkGatewayVpnClientConfigurationArgs(
        address_spaces=["10.2.0.0/24"],
        root_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs(
            name="DigiCert-Federated-ID-Root-CA",
            public_cert_data="""MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
""",
        )],
        revoked_certificates=[azure.network.VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs(
            name="Verizon-Global-Root-CA",
            thumbprint="912198EEF23DCAC40939312FEE97DD560BAE49B1",
        )],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    addressSpaces: ["10.0.0.0/16"],
});
const exampleSubnet = new azure.network.Subnet("exampleSubnet", {
    resourceGroupName: exampleResourceGroup.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("examplePublicIp", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    allocationMethod: "Dynamic",
});
const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    type: "Vpn",
    vpnType: "RouteBased",
    activeActive: false,
    enableBgp: false,
    sku: "Basic",
    ipConfigurations: [{
        name: "vnetGatewayConfig",
        publicIpAddressId: examplePublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: exampleSubnet.id,
    }],
    vpnClientConfiguration: {
        addressSpaces: ["10.2.0.0/24"],
        rootCertificates: [{
            name: "DigiCert-Federated-ID-Root-CA",
            publicCertData: `MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
`,
        }],
        revokedCertificates: [{
            name: "Verizon-Global-Root-CA",
            thumbprint: "912198EEF23DCAC40939312FEE97DD560BAE49B1",
        }],
    },
});
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      addressSpaces:
        - 10.0.0.0/16
  exampleSubnet:
    type: azure:network:Subnet
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
  examplePublicIp:
    type: azure:network:PublicIp
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      allocationMethod: Dynamic
  exampleVirtualNetworkGateway:
    type: azure:network:VirtualNetworkGateway
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      type: Vpn
      vpnType: RouteBased
      activeActive: false
      enableBgp: false
      sku: Basic
      ipConfigurations:
        - name: vnetGatewayConfig
          publicIpAddressId: ${examplePublicIp.id}
          privateIpAddressAllocation: Dynamic
          subnetId: ${exampleSubnet.id}
      vpnClientConfiguration:
        addressSpaces:
          - 10.2.0.0/24
        rootCertificates:
          - name: DigiCert-Federated-ID-Root-CA
            publicCertData: |
              MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
              MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
              d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
              Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
              BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
              Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
              MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
              QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
              zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
              GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
              GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
              Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
              DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
              HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
              jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
              9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
              QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
              uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
              WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
              M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=              
        revokedCertificates:
          - name: Verizon-Global-Root-CA
            thumbprint: 912198EEF23DCAC40939312FEE97DD560BAE49B1

Create VirtualNetworkGateway Resource

new VirtualNetworkGateway(name: string, args: VirtualNetworkGatewayArgs, opts?: CustomResourceOptions);
@overload
def VirtualNetworkGateway(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          active_active: Optional[bool] = None,
                          bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
                          custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
                          default_local_network_gateway_id: Optional[str] = None,
                          edge_zone: Optional[str] = None,
                          enable_bgp: Optional[bool] = None,
                          generation: Optional[str] = None,
                          ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
                          location: Optional[str] = None,
                          name: Optional[str] = None,
                          private_ip_address_enabled: Optional[bool] = None,
                          resource_group_name: Optional[str] = None,
                          sku: Optional[str] = None,
                          tags: Optional[Mapping[str, str]] = None,
                          type: Optional[str] = None,
                          vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
                          vpn_type: Optional[str] = None)
@overload
def VirtualNetworkGateway(resource_name: str,
                          args: VirtualNetworkGatewayArgs,
                          opts: Optional[ResourceOptions] = None)
func NewVirtualNetworkGateway(ctx *Context, name string, args VirtualNetworkGatewayArgs, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public VirtualNetworkGateway(string name, VirtualNetworkGatewayArgs args, CustomResourceOptions? opts = null)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args)
public VirtualNetworkGateway(String name, VirtualNetworkGatewayArgs args, CustomResourceOptions options)
type: azure:network:VirtualNetworkGateway
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args VirtualNetworkGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args VirtualNetworkGatewayArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args VirtualNetworkGatewayArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args VirtualNetworkGatewayArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args VirtualNetworkGatewayArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

VirtualNetworkGateway Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The VirtualNetworkGateway resource accepts the following input properties:

IpConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

ResourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

Sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

Type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

ActiveActive bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

BgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

CustomRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

DefaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

EnableBgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

Generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

Location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

Name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

PrivateIpAddressEnabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

VpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

IpConfigurations []VirtualNetworkGatewayIpConfigurationArgs

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

ResourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

Sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

Type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

ActiveActive bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

BgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

CustomRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

DefaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

EnableBgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

Generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

Location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

Name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

PrivateIpAddressEnabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

Tags map[string]string

A mapping of tags to assign to the resource.

VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

VpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

ipConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

resourceGroupName String

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku String

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

type String

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

activeActive Boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId String

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp Boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation String

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

location String

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name String

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled Boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

tags Map<String,String>

A mapping of tags to assign to the resource.

vpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType String

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

ipConfigurations VirtualNetworkGatewayIpConfigurationArgs[]

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

resourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

activeActive boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

vpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

ip_configurations Sequence[VirtualNetworkGatewayIpConfigurationArgs]

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

resource_group_name str

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku str

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

type str

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

active_active bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgp_settings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

custom_route VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

default_local_network_gateway_id str

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edge_zone str

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enable_bgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation str

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

location str

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name str

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

private_ip_address_enabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

vpn_client_configuration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpn_type str

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

ipConfigurations List<Property Map>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

resourceGroupName String

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku String

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

type String

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

activeActive Boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings Property Map

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute Property Map

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId String

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp Boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation String

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

location String

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name String

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled Boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

tags Map<String>

A mapping of tags to assign to the resource.

vpnClientConfiguration Property Map

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType String

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGateway resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing VirtualNetworkGateway Resource

Get an existing VirtualNetworkGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayState, opts?: CustomResourceOptions): VirtualNetworkGateway
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        active_active: Optional[bool] = None,
        bgp_settings: Optional[VirtualNetworkGatewayBgpSettingsArgs] = None,
        custom_route: Optional[VirtualNetworkGatewayCustomRouteArgs] = None,
        default_local_network_gateway_id: Optional[str] = None,
        edge_zone: Optional[str] = None,
        enable_bgp: Optional[bool] = None,
        generation: Optional[str] = None,
        ip_configurations: Optional[Sequence[VirtualNetworkGatewayIpConfigurationArgs]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        private_ip_address_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        sku: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        type: Optional[str] = None,
        vpn_client_configuration: Optional[VirtualNetworkGatewayVpnClientConfigurationArgs] = None,
        vpn_type: Optional[str] = None) -> VirtualNetworkGateway
func GetVirtualNetworkGateway(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayState, opts ...ResourceOption) (*VirtualNetworkGateway, error)
public static VirtualNetworkGateway Get(string name, Input<string> id, VirtualNetworkGatewayState? state, CustomResourceOptions? opts = null)
public static VirtualNetworkGateway get(String name, Output<String> id, VirtualNetworkGatewayState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ActiveActive bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

BgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

CustomRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

DefaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

EnableBgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

Generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

IpConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

Location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

Name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

PrivateIpAddressEnabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

ResourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

Sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

Type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

VpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

ActiveActive bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

BgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

CustomRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

DefaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

EnableBgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

Generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

IpConfigurations []VirtualNetworkGatewayIpConfigurationArgs

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

Location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

Name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

PrivateIpAddressEnabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

ResourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

Sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

Tags map[string]string

A mapping of tags to assign to the resource.

Type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

VpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

activeActive Boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId String

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp Boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation String

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

ipConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

location String

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name String

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled Boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

resourceGroupName String

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku String

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

tags Map<String,String>

A mapping of tags to assign to the resource.

type String

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

vpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType String

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

activeActive boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId string

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone string

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation string

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

ipConfigurations VirtualNetworkGatewayIpConfigurationArgs[]

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

location string

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name string

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

resourceGroupName string

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku string

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

type string

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

vpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType string

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

active_active bool

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgp_settings VirtualNetworkGatewayBgpSettingsArgs

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

custom_route VirtualNetworkGatewayCustomRouteArgs

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

default_local_network_gateway_id str

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edge_zone str

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enable_bgp bool

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation str

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

ip_configurations Sequence[VirtualNetworkGatewayIpConfigurationArgs]

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

location str

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name str

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

private_ip_address_enabled bool

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

resource_group_name str

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku str

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

type str

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

vpn_client_configuration VirtualNetworkGatewayVpnClientConfigurationArgs

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpn_type str

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

activeActive Boolean

If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance SKU. If false, an active-standby gateway will be created. Defaults to false.

bgpSettings Property Map

A bgp_settings block which is documented below. In this block the BGP specific settings can be defined.

customRoute Property Map

A custom_route block as defined below. Specifies a custom routes address space for a virtual network gateway and a VpnClient.

defaultLocalNetworkGatewayId String

The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Virtual Network Gateway should exist. Changing this forces a new Virtual Network Gateway to be created.

enableBgp Boolean

If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.

generation String

The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None. Changing this forces a new resource to be created.

ipConfigurations List<Property Map>

One, two or three ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block, an active-active gateway requires exactly two ip_configuration blocks whereas an active-active zone redundant gateway with P2S configuration requires exactly three ip_configuration blocks.

location String

The location/region where the Virtual Network Gateway is located. Changing this forces a new resource to be created.

name String

The name of the Virtual Network Gateway. Changing this forces a new resource to be created.

privateIpAddressEnabled Boolean

Should private IP be enabled on this gateway for connections? Changing this forces a new resource to be created.

resourceGroupName String

The name of the resource group in which to create the Virtual Network Gateway. Changing this forces a new resource to be created.

sku String

Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic SKU. Further, the UltraPerformance SKU is only supported by an ExpressRoute gateway.

tags Map<String>

A mapping of tags to assign to the resource.

type String

The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.

vpnClientConfiguration Property Map

A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.

vpnType String

The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased. Changing this forces a new resource to be created.

Supporting Types

VirtualNetworkGatewayBgpSettings

Asn int

The Autonomous System Number (ASN) to use as part of the BGP.

PeerWeight int

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

PeeringAddresses List<VirtualNetworkGatewayBgpSettingsPeeringAddress>

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

Asn int

The Autonomous System Number (ASN) to use as part of the BGP.

PeerWeight int

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

PeeringAddresses []VirtualNetworkGatewayBgpSettingsPeeringAddress

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

asn Integer

The Autonomous System Number (ASN) to use as part of the BGP.

peerWeight Integer

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

peeringAddresses List<VirtualNetworkGatewayBgpSettingsPeeringAddress>

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

asn number

The Autonomous System Number (ASN) to use as part of the BGP.

peerWeight number

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

peeringAddresses VirtualNetworkGatewayBgpSettingsPeeringAddress[]

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

asn int

The Autonomous System Number (ASN) to use as part of the BGP.

peer_weight int

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

peering_addresses Sequence[VirtualNetworkGatewayBgpSettingsPeeringAddress]

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

asn Number

The Autonomous System Number (ASN) to use as part of the BGP.

peerWeight Number

The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.

peeringAddresses List<Property Map>

A list of peering_addresses as defined below. Only one peering_addresses block can be specified except when active_active of this Virtual Network Gateway is true.

VirtualNetworkGatewayBgpSettingsPeeringAddress

ApipaAddresses List<string>

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

DefaultAddresses List<string>

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

IpConfigurationName string

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

TunnelIpAddresses List<string>

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

ApipaAddresses []string

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

DefaultAddresses []string

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

IpConfigurationName string

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

TunnelIpAddresses []string

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

apipaAddresses List<String>

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

defaultAddresses List<String>

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

ipConfigurationName String

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

tunnelIpAddresses List<String>

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

apipaAddresses string[]

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

defaultAddresses string[]

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

ipConfigurationName string

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

tunnelIpAddresses string[]

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

apipa_addresses Sequence[str]

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

default_addresses Sequence[str]

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

ip_configuration_name str

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

tunnel_ip_addresses Sequence[str]

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

apipaAddresses List<String>

A list of Azure custom APIPA addresses assigned to the BGP peer of the Virtual Network Gateway.

defaultAddresses List<String>

A list of peering address assigned to the BGP peer of the Virtual Network Gateway.

ipConfigurationName String

The name of the IP configuration of this Virtual Network Gateway. In case there are multiple ip_configuration blocks defined, this property is required to specify.

tunnelIpAddresses List<String>

A list of tunnel IP addresses assigned to the BGP peer of the Virtual Network Gateway.

VirtualNetworkGatewayCustomRoute

AddressPrefixes List<string>

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

AddressPrefixes []string

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

addressPrefixes List<String>

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

addressPrefixes string[]

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

address_prefixes Sequence[str]

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

addressPrefixes List<String>

A list of address blocks reserved for this virtual network in CIDR notation as defined below.

VirtualNetworkGatewayIpConfiguration

PublicIpAddressId string

The ID of the public IP address to associate with the Virtual Network Gateway.

SubnetId string

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

Name string

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

PrivateIpAddressAllocation string

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

PublicIpAddressId string

The ID of the public IP address to associate with the Virtual Network Gateway.

SubnetId string

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

Name string

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

PrivateIpAddressAllocation string

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

publicIpAddressId String

The ID of the public IP address to associate with the Virtual Network Gateway.

subnetId String

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

name String

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

privateIpAddressAllocation String

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

publicIpAddressId string

The ID of the public IP address to associate with the Virtual Network Gateway.

subnetId string

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

name string

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

privateIpAddressAllocation string

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

public_ip_address_id str

The ID of the public IP address to associate with the Virtual Network Gateway.

subnet_id str

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

name str

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

private_ip_address_allocation str

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

publicIpAddressId String

The ID of the public IP address to associate with the Virtual Network Gateway.

subnetId String

The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.

name String

A user-defined name of the IP configuration. Defaults to vnetGatewayConfig.

privateIpAddressAllocation String

Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

VirtualNetworkGatewayVpnClientConfiguration

AddressSpaces List<string>

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

AadAudience string

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

AadIssuer string

The STS url for your tenant

AadTenant string

AzureAD Tenant URL

RadiusServerAddress string

The address of the Radius server.

RadiusServerSecret string

The secret used by the Radius server.

RevokedCertificates List<VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate>

One or more revoked_certificate blocks which are defined below.

RootCertificates List<VirtualNetworkGatewayVpnClientConfigurationRootCertificate>

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

VpnAuthTypes List<string>

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

VpnClientProtocols List<string>

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

AddressSpaces []string

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

AadAudience string

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

AadIssuer string

The STS url for your tenant

AadTenant string

AzureAD Tenant URL

RadiusServerAddress string

The address of the Radius server.

RadiusServerSecret string

The secret used by the Radius server.

RevokedCertificates []VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate

One or more revoked_certificate blocks which are defined below.

RootCertificates []VirtualNetworkGatewayVpnClientConfigurationRootCertificate

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

VpnAuthTypes []string

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

VpnClientProtocols []string

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

addressSpaces List<String>

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

aadAudience String

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

aadIssuer String

The STS url for your tenant

aadTenant String

AzureAD Tenant URL

radiusServerAddress String

The address of the Radius server.

radiusServerSecret String

The secret used by the Radius server.

revokedCertificates List<VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate>

One or more revoked_certificate blocks which are defined below.

rootCertificates List<VirtualNetworkGatewayVpnClientConfigurationRootCertificate>

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

vpnAuthTypes List<String>

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

vpnClientProtocols List<String>

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

addressSpaces string[]

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

aadAudience string

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

aadIssuer string

The STS url for your tenant

aadTenant string

AzureAD Tenant URL

radiusServerAddress string

The address of the Radius server.

radiusServerSecret string

The secret used by the Radius server.

revokedCertificates VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate[]

One or more revoked_certificate blocks which are defined below.

rootCertificates VirtualNetworkGatewayVpnClientConfigurationRootCertificate[]

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

vpnAuthTypes string[]

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

vpnClientProtocols string[]

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

address_spaces Sequence[str]

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

aad_audience str

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

aad_issuer str

The STS url for your tenant

aad_tenant str

AzureAD Tenant URL

radius_server_address str

The address of the Radius server.

radius_server_secret str

The secret used by the Radius server.

revoked_certificates Sequence[VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate]

One or more revoked_certificate blocks which are defined below.

root_certificates Sequence[VirtualNetworkGatewayVpnClientConfigurationRootCertificate]

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

vpn_auth_types Sequence[str]

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

vpn_client_protocols Sequence[str]

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

addressSpaces List<String>

The address space out of which IP addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.

aadAudience String

The client id of the Azure VPN application. See Create an Active Directory (AD) tenant for P2S OpenVPN protocol connections for values

aadIssuer String

The STS url for your tenant

aadTenant String

AzureAD Tenant URL

radiusServerAddress String

The address of the Radius server.

radiusServerSecret String

The secret used by the Radius server.

revokedCertificates List<Property Map>

One or more revoked_certificate blocks which are defined below.

rootCertificates List<Property Map>

One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway.

vpnAuthTypes List<String>

List of the vpn authentication types for the virtual network gateway. The supported values are AAD, Radius and Certificate.

vpnClientProtocols List<String>

List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN. Values SSTP and IkeV2 are incompatible with the use of aad_tenant, aad_audience and aad_issuer.

VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate

Name string

Specifies the name of the certificate resource.

Thumbprint string

Specifies the public data of the certificate.

Name string

Specifies the name of the certificate resource.

Thumbprint string

Specifies the public data of the certificate.

name String

Specifies the name of the certificate resource.

thumbprint String

Specifies the public data of the certificate.

name string

Specifies the name of the certificate resource.

thumbprint string

Specifies the public data of the certificate.

name str

Specifies the name of the certificate resource.

thumbprint str

Specifies the public data of the certificate.

name String

Specifies the name of the certificate resource.

thumbprint String

Specifies the public data of the certificate.

VirtualNetworkGatewayVpnClientConfigurationRootCertificate

Name string

A user-defined name of the root certificate.

PublicCertData string

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

Name string

A user-defined name of the root certificate.

PublicCertData string

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

name String

A user-defined name of the root certificate.

publicCertData String

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

name string

A user-defined name of the root certificate.

publicCertData string

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

name str

A user-defined name of the root certificate.

public_cert_data str

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

name String

A user-defined name of the root certificate.

publicCertData String

The public certificate of the root certificate authority. The certificate must be provided in Base-64 encoded X.509 format (PEM). In particular, this argument must not include the -----BEGIN CERTIFICATE----- or -----END CERTIFICATE----- markers.

Import

Virtual Network Gateways can be imported using the resource id, e.g.

 $ pulumi import azure:network/virtualNetworkGateway:VirtualNetworkGateway exampleGateway /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/virtualNetworkGateways/myGateway1

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.