azure.network.VirtualNetworkGatewayConnection (v4)

Azure v4.42.0 (4.x), Mar 9 26

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

Example Usage

Site-to-Site connection

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West US",
        });
        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new Azure.Network.VirtualNetworkArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            AddressSpaces = 
            {
                "10.0.0.0/16",
            },
        });
        var exampleSubnet = new Azure.Network.Subnet("exampleSubnet", new Azure.Network.SubnetArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = 
            {
                "10.0.1.0/24",
            },
        });
        var onpremiseLocalNetworkGateway = new Azure.Network.LocalNetworkGateway("onpremiseLocalNetworkGateway", new Azure.Network.LocalNetworkGatewayArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            GatewayAddress = "168.62.225.23",
            AddressSpaces = 
            {
                "10.1.1.0/24",
            },
        });
        var examplePublicIp = new Azure.Network.PublicIp("examplePublicIp", new Azure.Network.PublicIpArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            AllocationMethod = "Dynamic",
        });
        var exampleVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("exampleVirtualNetworkGateway", new Azure.Network.VirtualNetworkGatewayArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            ActiveActive = false,
            EnableBgp = false,
            Sku = "Basic",
            IpConfigurations = 
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = examplePublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = exampleSubnet.Id,
                },
            },
        });
        var onpremiseVirtualNetworkGatewayConnection = new Azure.Network.VirtualNetworkGatewayConnection("onpremiseVirtualNetworkGatewayConnection", new Azure.Network.VirtualNetworkGatewayConnectionArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            Type = "IPsec",
            VirtualNetworkGatewayId = exampleVirtualNetworkGateway.Id,
            LocalNetworkGatewayId = onpremiseLocalNetworkGateway.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West US"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "exampleSubnet", &network.SubnetArgs{
			ResourceGroupName:  exampleResourceGroup.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		onpremiseLocalNetworkGateway, err := network.NewLocalNetworkGateway(ctx, "onpremiseLocalNetworkGateway", &network.LocalNetworkGatewayArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			GatewayAddress:    pulumi.String("168.62.225.23"),
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.1.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		examplePublicIp, err := network.NewPublicIp(ctx, "examplePublicIp", &network.PublicIpArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "exampleVirtualNetworkGateway", &network.VirtualNetworkGatewayArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			ActiveActive:      pulumi.Bool(false),
			EnableBgp:         pulumi.Bool(false),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          examplePublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   exampleSubnet.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "onpremiseVirtualNetworkGatewayConnection", &network.VirtualNetworkGatewayConnectionArgs{
			Location:                exampleResourceGroup.Location,
			ResourceGroupName:       exampleResourceGroup.Name,
			Type:                    pulumi.String("IPsec"),
			VirtualNetworkGatewayId: exampleVirtualNetworkGateway.ID(),
			LocalNetworkGatewayId:   onpremiseLocalNetworkGateway.ID(),
			SharedKey:               pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West US"});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    addressSpaces: ["10.0.0.0/16"],
});
const exampleSubnet = new azure.network.Subnet("exampleSubnet", {
    resourceGroupName: exampleResourceGroup.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const onpremiseLocalNetworkGateway = new azure.network.LocalNetworkGateway("onpremiseLocalNetworkGateway", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    gatewayAddress: "168.62.225.23",
    addressSpaces: ["10.1.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("examplePublicIp", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    allocationMethod: "Dynamic",
});
const exampleVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    type: "Vpn",
    vpnType: "RouteBased",
    activeActive: false,
    enableBgp: false,
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: examplePublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: exampleSubnet.id,
    }],
});
const onpremiseVirtualNetworkGatewayConnection = new azure.network.VirtualNetworkGatewayConnection("onpremiseVirtualNetworkGatewayConnection", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    type: "IPsec",
    virtualNetworkGatewayId: exampleVirtualNetworkGateway.id,
    localNetworkGatewayId: onpremiseLocalNetworkGateway.id,
    sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
});

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West US")
example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    address_spaces=["10.0.0.0/16"])
example_subnet = azure.network.Subnet("exampleSubnet",
    resource_group_name=example_resource_group.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])
onpremise_local_network_gateway = azure.network.LocalNetworkGateway("onpremiseLocalNetworkGateway",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    gateway_address="168.62.225.23",
    address_spaces=["10.1.1.0/24"])
example_public_ip = azure.network.PublicIp("examplePublicIp",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    allocation_method="Dynamic")
example_virtual_network_gateway = azure.network.VirtualNetworkGateway("exampleVirtualNetworkGateway",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    type="Vpn",
    vpn_type="RouteBased",
    active_active=False,
    enable_bgp=False,
    sku="Basic",
    ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
        public_ip_address_id=example_public_ip.id,
        private_ip_address_allocation="Dynamic",
        subnet_id=example_subnet.id,
    )])
onpremise_virtual_network_gateway_connection = azure.network.VirtualNetworkGatewayConnection("onpremiseVirtualNetworkGatewayConnection",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    type="IPsec",
    virtual_network_gateway_id=example_virtual_network_gateway.id,
    local_network_gateway_id=onpremise_local_network_gateway.id,
    shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")

Example coming soon!

VNet-to-VNet connection

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var usResourceGroup = new Azure.Core.ResourceGroup("usResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "East US",
        });
        var usVirtualNetwork = new Azure.Network.VirtualNetwork("usVirtualNetwork", new Azure.Network.VirtualNetworkArgs
        {
            Location = usResourceGroup.Location,
            ResourceGroupName = usResourceGroup.Name,
            AddressSpaces = 
            {
                "10.0.0.0/16",
            },
        });
        var usGateway = new Azure.Network.Subnet("usGateway", new Azure.Network.SubnetArgs
        {
            ResourceGroupName = usResourceGroup.Name,
            VirtualNetworkName = usVirtualNetwork.Name,
            AddressPrefixes = 
            {
                "10.0.1.0/24",
            },
        });
        var usPublicIp = new Azure.Network.PublicIp("usPublicIp", new Azure.Network.PublicIpArgs
        {
            Location = usResourceGroup.Location,
            ResourceGroupName = usResourceGroup.Name,
            AllocationMethod = "Dynamic",
        });
        var usVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("usVirtualNetworkGateway", new Azure.Network.VirtualNetworkGatewayArgs
        {
            Location = usResourceGroup.Location,
            ResourceGroupName = usResourceGroup.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            Sku = "Basic",
            IpConfigurations = 
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = usPublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = usGateway.Id,
                },
            },
        });
        var europeResourceGroup = new Azure.Core.ResourceGroup("europeResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var europeVirtualNetwork = new Azure.Network.VirtualNetwork("europeVirtualNetwork", new Azure.Network.VirtualNetworkArgs
        {
            Location = europeResourceGroup.Location,
            ResourceGroupName = europeResourceGroup.Name,
            AddressSpaces = 
            {
                "10.1.0.0/16",
            },
        });
        var europeGateway = new Azure.Network.Subnet("europeGateway", new Azure.Network.SubnetArgs
        {
            ResourceGroupName = europeResourceGroup.Name,
            VirtualNetworkName = europeVirtualNetwork.Name,
            AddressPrefixes = 
            {
                "10.1.1.0/24",
            },
        });
        var europePublicIp = new Azure.Network.PublicIp("europePublicIp", new Azure.Network.PublicIpArgs
        {
            Location = europeResourceGroup.Location,
            ResourceGroupName = europeResourceGroup.Name,
            AllocationMethod = "Dynamic",
        });
        var europeVirtualNetworkGateway = new Azure.Network.VirtualNetworkGateway("europeVirtualNetworkGateway", new Azure.Network.VirtualNetworkGatewayArgs
        {
            Location = europeResourceGroup.Location,
            ResourceGroupName = europeResourceGroup.Name,
            Type = "Vpn",
            VpnType = "RouteBased",
            Sku = "Basic",
            IpConfigurations = 
            {
                new Azure.Network.Inputs.VirtualNetworkGatewayIpConfigurationArgs
                {
                    PublicIpAddressId = europePublicIp.Id,
                    PrivateIpAddressAllocation = "Dynamic",
                    SubnetId = europeGateway.Id,
                },
            },
        });
        var usToEurope = new Azure.Network.VirtualNetworkGatewayConnection("usToEurope", new Azure.Network.VirtualNetworkGatewayConnectionArgs
        {
            Location = usResourceGroup.Location,
            ResourceGroupName = usResourceGroup.Name,
            Type = "Vnet2Vnet",
            VirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
            PeerVirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
        var europeToUs = new Azure.Network.VirtualNetworkGatewayConnection("europeToUs", new Azure.Network.VirtualNetworkGatewayConnectionArgs
        {
            Location = europeResourceGroup.Location,
            ResourceGroupName = europeResourceGroup.Name,
            Type = "Vnet2Vnet",
            VirtualNetworkGatewayId = europeVirtualNetworkGateway.Id,
            PeerVirtualNetworkGatewayId = usVirtualNetworkGateway.Id,
            SharedKey = "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		usResourceGroup, err := core.NewResourceGroup(ctx, "usResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("East US"),
		})
		if err != nil {
			return err
		}
		usVirtualNetwork, err := network.NewVirtualNetwork(ctx, "usVirtualNetwork", &network.VirtualNetworkArgs{
			Location:          usResourceGroup.Location,
			ResourceGroupName: usResourceGroup.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		usGateway, err := network.NewSubnet(ctx, "usGateway", &network.SubnetArgs{
			ResourceGroupName:  usResourceGroup.Name,
			VirtualNetworkName: usVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		usPublicIp, err := network.NewPublicIp(ctx, "usPublicIp", &network.PublicIpArgs{
			Location:          usResourceGroup.Location,
			ResourceGroupName: usResourceGroup.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		usVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "usVirtualNetworkGateway", &network.VirtualNetworkGatewayArgs{
			Location:          usResourceGroup.Location,
			ResourceGroupName: usResourceGroup.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          usPublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   usGateway.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		europeResourceGroup, err := core.NewResourceGroup(ctx, "europeResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		europeVirtualNetwork, err := network.NewVirtualNetwork(ctx, "europeVirtualNetwork", &network.VirtualNetworkArgs{
			Location:          europeResourceGroup.Location,
			ResourceGroupName: europeResourceGroup.Name,
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.1.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		europeGateway, err := network.NewSubnet(ctx, "europeGateway", &network.SubnetArgs{
			ResourceGroupName:  europeResourceGroup.Name,
			VirtualNetworkName: europeVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.1.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		europePublicIp, err := network.NewPublicIp(ctx, "europePublicIp", &network.PublicIpArgs{
			Location:          europeResourceGroup.Location,
			ResourceGroupName: europeResourceGroup.Name,
			AllocationMethod:  pulumi.String("Dynamic"),
		})
		if err != nil {
			return err
		}
		europeVirtualNetworkGateway, err := network.NewVirtualNetworkGateway(ctx, "europeVirtualNetworkGateway", &network.VirtualNetworkGatewayArgs{
			Location:          europeResourceGroup.Location,
			ResourceGroupName: europeResourceGroup.Name,
			Type:              pulumi.String("Vpn"),
			VpnType:           pulumi.String("RouteBased"),
			Sku:               pulumi.String("Basic"),
			IpConfigurations: network.VirtualNetworkGatewayIpConfigurationArray{
				&network.VirtualNetworkGatewayIpConfigurationArgs{
					PublicIpAddressId:          europePublicIp.ID(),
					PrivateIpAddressAllocation: pulumi.String("Dynamic"),
					SubnetId:                   europeGateway.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "usToEurope", &network.VirtualNetworkGatewayConnectionArgs{
			Location:                    usResourceGroup.Location,
			ResourceGroupName:           usResourceGroup.Name,
			Type:                        pulumi.String("Vnet2Vnet"),
			VirtualNetworkGatewayId:     usVirtualNetworkGateway.ID(),
			PeerVirtualNetworkGatewayId: europeVirtualNetworkGateway.ID(),
			SharedKey:                   pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
		})
		if err != nil {
			return err
		}
		_, err = network.NewVirtualNetworkGatewayConnection(ctx, "europeToUs", &network.VirtualNetworkGatewayConnectionArgs{
			Location:                    europeResourceGroup.Location,
			ResourceGroupName:           europeResourceGroup.Name,
			Type:                        pulumi.String("Vnet2Vnet"),
			VirtualNetworkGatewayId:     europeVirtualNetworkGateway.ID(),
			PeerVirtualNetworkGatewayId: usVirtualNetworkGateway.ID(),
			SharedKey:                   pulumi.String("4-v3ry-53cr37-1p53c-5h4r3d-k3y"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const usResourceGroup = new azure.core.ResourceGroup("usResourceGroup", {location: "East US"});
const usVirtualNetwork = new azure.network.VirtualNetwork("usVirtualNetwork", {
    location: usResourceGroup.location,
    resourceGroupName: usResourceGroup.name,
    addressSpaces: ["10.0.0.0/16"],
});
const usGateway = new azure.network.Subnet("usGateway", {
    resourceGroupName: usResourceGroup.name,
    virtualNetworkName: usVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const usPublicIp = new azure.network.PublicIp("usPublicIp", {
    location: usResourceGroup.location,
    resourceGroupName: usResourceGroup.name,
    allocationMethod: "Dynamic",
});
const usVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("usVirtualNetworkGateway", {
    location: usResourceGroup.location,
    resourceGroupName: usResourceGroup.name,
    type: "Vpn",
    vpnType: "RouteBased",
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: usPublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: usGateway.id,
    }],
});
const europeResourceGroup = new azure.core.ResourceGroup("europeResourceGroup", {location: "West Europe"});
const europeVirtualNetwork = new azure.network.VirtualNetwork("europeVirtualNetwork", {
    location: europeResourceGroup.location,
    resourceGroupName: europeResourceGroup.name,
    addressSpaces: ["10.1.0.0/16"],
});
const europeGateway = new azure.network.Subnet("europeGateway", {
    resourceGroupName: europeResourceGroup.name,
    virtualNetworkName: europeVirtualNetwork.name,
    addressPrefixes: ["10.1.1.0/24"],
});
const europePublicIp = new azure.network.PublicIp("europePublicIp", {
    location: europeResourceGroup.location,
    resourceGroupName: europeResourceGroup.name,
    allocationMethod: "Dynamic",
});
const europeVirtualNetworkGateway = new azure.network.VirtualNetworkGateway("europeVirtualNetworkGateway", {
    location: europeResourceGroup.location,
    resourceGroupName: europeResourceGroup.name,
    type: "Vpn",
    vpnType: "RouteBased",
    sku: "Basic",
    ipConfigurations: [{
        publicIpAddressId: europePublicIp.id,
        privateIpAddressAllocation: "Dynamic",
        subnetId: europeGateway.id,
    }],
});
const usToEurope = new azure.network.VirtualNetworkGatewayConnection("usToEurope", {
    location: usResourceGroup.location,
    resourceGroupName: usResourceGroup.name,
    type: "Vnet2Vnet",
    virtualNetworkGatewayId: usVirtualNetworkGateway.id,
    peerVirtualNetworkGatewayId: europeVirtualNetworkGateway.id,
    sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
});
const europeToUs = new azure.network.VirtualNetworkGatewayConnection("europeToUs", {
    location: europeResourceGroup.location,
    resourceGroupName: europeResourceGroup.name,
    type: "Vnet2Vnet",
    virtualNetworkGatewayId: europeVirtualNetworkGateway.id,
    peerVirtualNetworkGatewayId: usVirtualNetworkGateway.id,
    sharedKey: "4-v3ry-53cr37-1p53c-5h4r3d-k3y",
});

import pulumi
import pulumi_azure as azure

us_resource_group = azure.core.ResourceGroup("usResourceGroup", location="East US")
us_virtual_network = azure.network.VirtualNetwork("usVirtualNetwork",
    location=us_resource_group.location,
    resource_group_name=us_resource_group.name,
    address_spaces=["10.0.0.0/16"])
us_gateway = azure.network.Subnet("usGateway",
    resource_group_name=us_resource_group.name,
    virtual_network_name=us_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])
us_public_ip = azure.network.PublicIp("usPublicIp",
    location=us_resource_group.location,
    resource_group_name=us_resource_group.name,
    allocation_method="Dynamic")
us_virtual_network_gateway = azure.network.VirtualNetworkGateway("usVirtualNetworkGateway",
    location=us_resource_group.location,
    resource_group_name=us_resource_group.name,
    type="Vpn",
    vpn_type="RouteBased",
    sku="Basic",
    ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
        public_ip_address_id=us_public_ip.id,
        private_ip_address_allocation="Dynamic",
        subnet_id=us_gateway.id,
    )])
europe_resource_group = azure.core.ResourceGroup("europeResourceGroup", location="West Europe")
europe_virtual_network = azure.network.VirtualNetwork("europeVirtualNetwork",
    location=europe_resource_group.location,
    resource_group_name=europe_resource_group.name,
    address_spaces=["10.1.0.0/16"])
europe_gateway = azure.network.Subnet("europeGateway",
    resource_group_name=europe_resource_group.name,
    virtual_network_name=europe_virtual_network.name,
    address_prefixes=["10.1.1.0/24"])
europe_public_ip = azure.network.PublicIp("europePublicIp",
    location=europe_resource_group.location,
    resource_group_name=europe_resource_group.name,
    allocation_method="Dynamic")
europe_virtual_network_gateway = azure.network.VirtualNetworkGateway("europeVirtualNetworkGateway",
    location=europe_resource_group.location,
    resource_group_name=europe_resource_group.name,
    type="Vpn",
    vpn_type="RouteBased",
    sku="Basic",
    ip_configurations=[azure.network.VirtualNetworkGatewayIpConfigurationArgs(
        public_ip_address_id=europe_public_ip.id,
        private_ip_address_allocation="Dynamic",
        subnet_id=europe_gateway.id,
    )])
us_to_europe = azure.network.VirtualNetworkGatewayConnection("usToEurope",
    location=us_resource_group.location,
    resource_group_name=us_resource_group.name,
    type="Vnet2Vnet",
    virtual_network_gateway_id=us_virtual_network_gateway.id,
    peer_virtual_network_gateway_id=europe_virtual_network_gateway.id,
    shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")
europe_to_us = azure.network.VirtualNetworkGatewayConnection("europeToUs",
    location=europe_resource_group.location,
    resource_group_name=europe_resource_group.name,
    type="Vnet2Vnet",
    virtual_network_gateway_id=europe_virtual_network_gateway.id,
    peer_virtual_network_gateway_id=us_virtual_network_gateway.id,
    shared_key="4-v3ry-53cr37-1p53c-5h4r3d-k3y")

Example coming soon!

Create VirtualNetworkGatewayConnection Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VirtualNetworkGatewayConnection(name: string, args: VirtualNetworkGatewayConnectionArgs, opts?: CustomResourceOptions);

@overload
def VirtualNetworkGatewayConnection(resource_name: str,
                                    args: VirtualNetworkGatewayConnectionArgs,
                                    opts: Optional[ResourceOptions] = None)

@overload
def VirtualNetworkGatewayConnection(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    resource_group_name: Optional[str] = None,
                                    virtual_network_gateway_id: Optional[str] = None,
                                    type: Optional[str] = None,
                                    location: Optional[str] = None,
                                    peer_virtual_network_gateway_id: Optional[str] = None,
                                    express_route_circuit_id: Optional[str] = None,
                                    express_route_gateway_bypass: Optional[bool] = None,
                                    ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
                                    local_azure_ip_address_enabled: Optional[bool] = None,
                                    local_network_gateway_id: Optional[str] = None,
                                    authorization_key: Optional[str] = None,
                                    name: Optional[str] = None,
                                    enable_bgp: Optional[bool] = None,
                                    dpd_timeout_seconds: Optional[int] = None,
                                    routing_weight: Optional[int] = None,
                                    shared_key: Optional[str] = None,
                                    tags: Optional[Mapping[str, str]] = None,
                                    traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
                                    connection_protocol: Optional[str] = None,
                                    use_policy_based_traffic_selectors: Optional[bool] = None,
                                    connection_mode: Optional[str] = None)

func NewVirtualNetworkGatewayConnection(ctx *Context, name string, args VirtualNetworkGatewayConnectionArgs, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)

public VirtualNetworkGatewayConnection(string name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions? opts = null)

public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args)
public VirtualNetworkGatewayConnection(String name, VirtualNetworkGatewayConnectionArgs args, CustomResourceOptions options)

type: azure:network:VirtualNetworkGatewayConnection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VirtualNetworkGatewayConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VirtualNetworkGatewayConnectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VirtualNetworkGatewayConnectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VirtualNetworkGatewayConnectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VirtualNetworkGatewayConnectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var virtualNetworkGatewayConnectionResource = new Azure.Network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", new()
{
    ResourceGroupName = "string",
    VirtualNetworkGatewayId = "string",
    Type = "string",
    Location = "string",
    PeerVirtualNetworkGatewayId = "string",
    ExpressRouteCircuitId = "string",
    ExpressRouteGatewayBypass = false,
    IpsecPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionIpsecPolicyArgs
    {
        DhGroup = "string",
        IkeEncryption = "string",
        IkeIntegrity = "string",
        IpsecEncryption = "string",
        IpsecIntegrity = "string",
        PfsGroup = "string",
        SaDatasize = 0,
        SaLifetime = 0,
    },
    LocalAzureIpAddressEnabled = false,
    LocalNetworkGatewayId = "string",
    AuthorizationKey = "string",
    Name = "string",
    EnableBgp = false,
    DpdTimeoutSeconds = 0,
    RoutingWeight = 0,
    SharedKey = "string",
    Tags = 
    {
        { "string", "string" },
    },
    TrafficSelectorPolicy = new Azure.Network.Inputs.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs
    {
        LocalAddressCidrs = new[]
        {
            "string",
        },
        RemoteAddressCidrs = new[]
        {
            "string",
        },
    },
    ConnectionProtocol = "string",
    UsePolicyBasedTrafficSelectors = false,
    ConnectionMode = "string",
});

example, err := network.NewVirtualNetworkGatewayConnection(ctx, "virtualNetworkGatewayConnectionResource", &network.VirtualNetworkGatewayConnectionArgs{
	ResourceGroupName:           pulumi.String("string"),
	VirtualNetworkGatewayId:     pulumi.String("string"),
	Type:                        pulumi.String("string"),
	Location:                    pulumi.String("string"),
	PeerVirtualNetworkGatewayId: pulumi.String("string"),
	ExpressRouteCircuitId:       pulumi.String("string"),
	ExpressRouteGatewayBypass:   pulumi.Bool(false),
	IpsecPolicy: &network.VirtualNetworkGatewayConnectionIpsecPolicyArgs{
		DhGroup:         pulumi.String("string"),
		IkeEncryption:   pulumi.String("string"),
		IkeIntegrity:    pulumi.String("string"),
		IpsecEncryption: pulumi.String("string"),
		IpsecIntegrity:  pulumi.String("string"),
		PfsGroup:        pulumi.String("string"),
		SaDatasize:      pulumi.Int(0),
		SaLifetime:      pulumi.Int(0),
	},
	LocalAzureIpAddressEnabled: pulumi.Bool(false),
	LocalNetworkGatewayId:      pulumi.String("string"),
	AuthorizationKey:           pulumi.String("string"),
	Name:                       pulumi.String("string"),
	EnableBgp:                  pulumi.Bool(false),
	DpdTimeoutSeconds:          pulumi.Int(0),
	RoutingWeight:              pulumi.Int(0),
	SharedKey:                  pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	TrafficSelectorPolicy: &network.VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs{
		LocalAddressCidrs: pulumi.StringArray{
			pulumi.String("string"),
		},
		RemoteAddressCidrs: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	ConnectionProtocol:             pulumi.String("string"),
	UsePolicyBasedTrafficSelectors: pulumi.Bool(false),
	ConnectionMode:                 pulumi.String("string"),
})

var virtualNetworkGatewayConnectionResource = new VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", VirtualNetworkGatewayConnectionArgs.builder()
    .resourceGroupName("string")
    .virtualNetworkGatewayId("string")
    .type("string")
    .location("string")
    .peerVirtualNetworkGatewayId("string")
    .expressRouteCircuitId("string")
    .expressRouteGatewayBypass(false)
    .ipsecPolicy(VirtualNetworkGatewayConnectionIpsecPolicyArgs.builder()
        .dhGroup("string")
        .ikeEncryption("string")
        .ikeIntegrity("string")
        .ipsecEncryption("string")
        .ipsecIntegrity("string")
        .pfsGroup("string")
        .saDatasize(0)
        .saLifetime(0)
        .build())
    .localAzureIpAddressEnabled(false)
    .localNetworkGatewayId("string")
    .authorizationKey("string")
    .name("string")
    .enableBgp(false)
    .dpdTimeoutSeconds(0)
    .routingWeight(0)
    .sharedKey("string")
    .tags(Map.of("string", "string"))
    .trafficSelectorPolicy(VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs.builder()
        .localAddressCidrs("string")
        .remoteAddressCidrs("string")
        .build())
    .connectionProtocol("string")
    .usePolicyBasedTrafficSelectors(false)
    .connectionMode("string")
    .build());

virtual_network_gateway_connection_resource = azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource",
    resource_group_name="string",
    virtual_network_gateway_id="string",
    type="string",
    location="string",
    peer_virtual_network_gateway_id="string",
    express_route_circuit_id="string",
    express_route_gateway_bypass=False,
    ipsec_policy={
        "dh_group": "string",
        "ike_encryption": "string",
        "ike_integrity": "string",
        "ipsec_encryption": "string",
        "ipsec_integrity": "string",
        "pfs_group": "string",
        "sa_datasize": 0,
        "sa_lifetime": 0,
    },
    local_azure_ip_address_enabled=False,
    local_network_gateway_id="string",
    authorization_key="string",
    name="string",
    enable_bgp=False,
    dpd_timeout_seconds=0,
    routing_weight=0,
    shared_key="string",
    tags={
        "string": "string",
    },
    traffic_selector_policy={
        "local_address_cidrs": ["string"],
        "remote_address_cidrs": ["string"],
    },
    connection_protocol="string",
    use_policy_based_traffic_selectors=False,
    connection_mode="string")

const virtualNetworkGatewayConnectionResource = new azure.network.VirtualNetworkGatewayConnection("virtualNetworkGatewayConnectionResource", {
    resourceGroupName: "string",
    virtualNetworkGatewayId: "string",
    type: "string",
    location: "string",
    peerVirtualNetworkGatewayId: "string",
    expressRouteCircuitId: "string",
    expressRouteGatewayBypass: false,
    ipsecPolicy: {
        dhGroup: "string",
        ikeEncryption: "string",
        ikeIntegrity: "string",
        ipsecEncryption: "string",
        ipsecIntegrity: "string",
        pfsGroup: "string",
        saDatasize: 0,
        saLifetime: 0,
    },
    localAzureIpAddressEnabled: false,
    localNetworkGatewayId: "string",
    authorizationKey: "string",
    name: "string",
    enableBgp: false,
    dpdTimeoutSeconds: 0,
    routingWeight: 0,
    sharedKey: "string",
    tags: {
        string: "string",
    },
    trafficSelectorPolicy: {
        localAddressCidrs: ["string"],
        remoteAddressCidrs: ["string"],
    },
    connectionProtocol: "string",
    usePolicyBasedTrafficSelectors: false,
    connectionMode: "string",
});

type: azure:network:VirtualNetworkGatewayConnection
properties:
    authorizationKey: string
    connectionMode: string
    connectionProtocol: string
    dpdTimeoutSeconds: 0
    enableBgp: false
    expressRouteCircuitId: string
    expressRouteGatewayBypass: false
    ipsecPolicy:
        dhGroup: string
        ikeEncryption: string
        ikeIntegrity: string
        ipsecEncryption: string
        ipsecIntegrity: string
        pfsGroup: string
        saDatasize: 0
        saLifetime: 0
    localAzureIpAddressEnabled: false
    localNetworkGatewayId: string
    location: string
    name: string
    peerVirtualNetworkGatewayId: string
    resourceGroupName: string
    routingWeight: 0
    sharedKey: string
    tags:
        string: string
    trafficSelectorPolicy:
        localAddressCidrs:
            - string
        remoteAddressCidrs:
            - string
    type: string
    usePolicyBasedTrafficSelectors: false
    virtualNetworkGatewayId: string

VirtualNetworkGatewayConnection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VirtualNetworkGatewayConnection resource accepts the following input properties:

ResourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
ConnectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
ConnectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
ExpressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
LocalNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located. Changing this forces a new resource to be created.
Name string: The name of the connection. Changing the name forces a new resource to be created.
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
RoutingWeight int: The routing weight. Defaults to 10.
SharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

ResourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
ConnectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
ConnectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
ExpressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicyArgs: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
LocalNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located. Changing this forces a new resource to be created.
Name string: The name of the connection. Changing the name forces a new resource to be created.
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
RoutingWeight int: The routing weight. Defaults to 10.
SharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
Tags map[string]string: A mapping of tags to assign to the resource.
TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

resourceGroupName String: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
authorizationKey String: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode String: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol String: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds Integer: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId String: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId String: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located. Changing this forces a new resource to be created.
name String: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
routingWeight Integer: The routing weight. Defaults to 10.
sharedKey String: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Map<String,String>: A mapping of tags to assign to the resource.
trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

resourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
virtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
authorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds number: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location string: The location/region where the connection is located. Changing this forces a new resource to be created.
name string: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
routingWeight number: The routing weight. Defaults to 10.
sharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
usePolicyBasedTrafficSelectors boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

resource_group_name str: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
type str: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
virtual_network_gateway_id str: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
authorization_key str: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connection_mode str: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connection_protocol str: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpd_timeout_seconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enable_bgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
express_route_circuit_id str: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
express_route_gateway_bypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsec_policy VirtualNetworkGatewayConnectionIpsecPolicyArgs: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
local_azure_ip_address_enabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
local_network_gateway_id str: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location str: The location/region where the connection is located. Changing this forces a new resource to be created.
name str: The name of the connection. Changing the name forces a new resource to be created.
peer_virtual_network_gateway_id str: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
routing_weight int: The routing weight. Defaults to 10.
shared_key str: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
traffic_selector_policy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
use_policy_based_traffic_selectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

resourceGroupName String: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.
authorizationKey String: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode String: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol String: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds Number: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId String: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy Property Map: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId String: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located. Changing this forces a new resource to be created.
name String: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
routingWeight Number: The routing weight. Defaults to 10.
sharedKey String: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Map<String>: A mapping of tags to assign to the resource.
trafficSelectorPolicy Property Map: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGatewayConnection resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing VirtualNetworkGatewayConnection Resource

Get an existing VirtualNetworkGatewayConnection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayConnectionState, opts?: CustomResourceOptions): VirtualNetworkGatewayConnection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorization_key: Optional[str] = None,
        connection_mode: Optional[str] = None,
        connection_protocol: Optional[str] = None,
        dpd_timeout_seconds: Optional[int] = None,
        enable_bgp: Optional[bool] = None,
        express_route_circuit_id: Optional[str] = None,
        express_route_gateway_bypass: Optional[bool] = None,
        ipsec_policy: Optional[VirtualNetworkGatewayConnectionIpsecPolicyArgs] = None,
        local_azure_ip_address_enabled: Optional[bool] = None,
        local_network_gateway_id: Optional[str] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        peer_virtual_network_gateway_id: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        routing_weight: Optional[int] = None,
        shared_key: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        traffic_selector_policy: Optional[VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs] = None,
        type: Optional[str] = None,
        use_policy_based_traffic_selectors: Optional[bool] = None,
        virtual_network_gateway_id: Optional[str] = None) -> VirtualNetworkGatewayConnection

func GetVirtualNetworkGatewayConnection(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayConnectionState, opts ...ResourceOption) (*VirtualNetworkGatewayConnection, error)

public static VirtualNetworkGatewayConnection Get(string name, Input<string> id, VirtualNetworkGatewayConnectionState? state, CustomResourceOptions? opts = null)

public static VirtualNetworkGatewayConnection get(String name, Output<String> id, VirtualNetworkGatewayConnectionState state, CustomResourceOptions options)

resources:  _:    type: azure:network:VirtualNetworkGatewayConnection    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
ConnectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
ConnectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
ExpressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
LocalNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located. Changing this forces a new resource to be created.
Name string: The name of the connection. Changing the name forces a new resource to be created.
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
ResourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
RoutingWeight int: The routing weight. Defaults to 10.
SharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
ConnectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
ConnectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
ExpressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
IpsecPolicy VirtualNetworkGatewayConnectionIpsecPolicyArgs: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
LocalNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located. Changing this forces a new resource to be created.
Name string: The name of the connection. Changing the name forces a new resource to be created.
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
ResourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
RoutingWeight int: The routing weight. Defaults to 10.
SharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
Tags map[string]string: A mapping of tags to assign to the resource.
TrafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

authorizationKey String: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode String: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol String: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds Integer: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId String: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId String: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located. Changing this forces a new resource to be created.
name String: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
resourceGroupName String: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
routingWeight Integer: The routing weight. Defaults to 10.
sharedKey String: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Map<String,String>: A mapping of tags to assign to the resource.
trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

authorizationKey string: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode string: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol string: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds number: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId string: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy VirtualNetworkGatewayConnectionIpsecPolicy: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId string: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location string: The location/region where the connection is located. Changing this forces a new resource to be created.
name string: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
resourceGroupName string: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
routingWeight number: The routing weight. Defaults to 10.
sharedKey string: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
trafficSelectorPolicy VirtualNetworkGatewayConnectionTrafficSelectorPolicy: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
usePolicyBasedTrafficSelectors boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
virtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

authorization_key str: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connection_mode str: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connection_protocol str: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpd_timeout_seconds int: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enable_bgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
express_route_circuit_id str: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
express_route_gateway_bypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsec_policy VirtualNetworkGatewayConnectionIpsecPolicyArgs: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
local_azure_ip_address_enabled bool: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
local_network_gateway_id str: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location str: The location/region where the connection is located. Changing this forces a new resource to be created.
name str: The name of the connection. Changing the name forces a new resource to be created.
peer_virtual_network_gateway_id str: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
resource_group_name str: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
routing_weight int: The routing weight. Defaults to 10.
shared_key str: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
traffic_selector_policy VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type str: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
use_policy_based_traffic_selectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
virtual_network_gateway_id str: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

authorizationKey String: The authorization key associated with the Express Route Circuit. This field is required only if the type is an ExpressRoute connection.
connectionMode String: Connection mode to use. Possible values are Default, InitiatorOnly and ResponderOnly. Defaults to Default. Changing this value will force a resource to be created.
connectionProtocol String: The IKE protocol version to use. Possible values are IKEv1 and IKEv2. Defaults to IKEv2. Changing this value will force a resource to be created.
Note: Only valid for IPSec connections on virtual network gateways with SKU VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ or VpnGw3AZ.
dpdTimeoutSeconds Number: The dead peer detection timeout of this connection in seconds. Changing this forces a new resource to be created.
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection. Defaults to false.
expressRouteCircuitId String: The ID of the Express Route Circuit when creating an ExpressRoute connection (i.e. when type is ExpressRoute). The Express Route Circuit can be in the same or in a different subscription.
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding This is only valid for ExpressRoute connections.
ipsecPolicy Property Map: A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection. Changing this forces a new resource to be created.
localNetworkGatewayId String: The ID of the local network gateway when creating Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located. Changing this forces a new resource to be created.
name String: The name of the connection. Changing the name forces a new resource to be created.
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when creating a VNet-to-VNet connection (i.e. when type is Vnet2Vnet). The peer Virtual Network Gateway can be in the same or in a different subscription.
resourceGroupName String: The name of the resource group in which to create the connection Changing the name forces a new resource to be created.
routingWeight Number: The routing weight. Defaults to 10.
sharedKey String: The shared IPSec key. A key could be provided if a Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
tags Map<String>: A mapping of tags to assign to the resource.
trafficSelectorPolicy Property Map: A traffic_selector_policy which allows to specify traffic selector policy proposal to be used in a virtual network gateway connection. Only one block can be defined for a connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block. Defaults to false.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection will be created. Changing the gateway forces a new resource to be created.

Supporting Types

VirtualNetworkGatewayConnectionIpsecPolicy, VirtualNetworkGatewayConnectionIpsecPolicyArgs

DhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
IkeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
IkeIntegrity string: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
IpsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
IpsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
PfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
SaDatasize int: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
SaLifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

DhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
IkeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
IkeIntegrity string: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
IpsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
IpsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
PfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
SaDatasize int: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
SaLifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

dhGroup String: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption String: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
ikeIntegrity String: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
ipsecEncryption String: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity String: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup String: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
saDatasize Integer: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
saLifetime Integer: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

dhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
ikeIntegrity string: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
ipsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
saDatasize number: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
saLifetime number: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

dh_group str: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ike_encryption str: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
ike_integrity str: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
ipsec_encryption str: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsec_integrity str: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfs_group str: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
sa_datasize int: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
sa_lifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

dhGroup String: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption String: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, or GCMAES256.
ikeIntegrity String: The IKE integrity algorithm. Valid options are GCMAES128, GCMAES256, MD5, SHA1, SHA256, or SHA384.
ipsecEncryption String: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity String: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup String: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM, or None.
saDatasize Number: The IPSec SA payload size in KB. Must be at least 1024 KB. Defaults to 102400000 KB.
saLifetime Number: The IPSec SA lifetime in seconds. Must be at least 300 seconds. Defaults to 27000 seconds.

VirtualNetworkGatewayConnectionTrafficSelectorPolicy, VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs

LocalAddressCidrs List<string>
RemoteAddressCidrs List<string>

LocalAddressCidrs []string
RemoteAddressCidrs []string

localAddressCidrs List<String>
remoteAddressCidrs List<String>

localAddressCidrs string[]
remoteAddressCidrs string[]

local_address_cidrs Sequence[str]
remote_address_cidrs Sequence[str]

localAddressCidrs List<String>
remoteAddressCidrs List<String>

Import

Virtual Network Gateway Connections can be imported using their resource id, e.g.

 $ pulumi import azure:network/virtualNetworkGatewayConnection:VirtualNetworkGatewayConnection exampleConnection /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myGroup1/providers/Microsoft.Network/connections/myConnection1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

azure.network.VirtualNetworkGatewayConnection

On this page

On this page

Example Usage

Site-to-Site connection

VNet-to-VNet connection

Create VirtualNetworkGatewayConnection Resource

Constructor syntax

Parameters

Constructor example

VirtualNetworkGatewayConnection Resource Properties

Inputs

Outputs

Look up Existing VirtualNetworkGatewayConnection Resource

Supporting Types

VirtualNetworkGatewayConnectionIpsecPolicy, VirtualNetworkGatewayConnectionIpsecPolicyArgs

VirtualNetworkGatewayConnectionTrafficSelectorPolicy, VirtualNetworkGatewayConnectionTrafficSelectorPolicyArgs

Import

Package Details

On this page

On this page