How can I build VPN-gateway with type policy-based

Michał Zaborowicz 25 Reputation points
2024-10-21T13:41:42.49+00:00

How can I deploy a policy-based VPN gateway? I know this can only be done via CLI / PS, but the scripts posted on this community don't work.

Error is Highperformance is not supported by Basic SKU, possible SKU VpnGw1,VpnGw2.....

But the SKU VpnGw1 and others do not support policy based vpn.

Is it a bug?

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

Accepted answer
  1. Sina Salam 12,976 Reputation points
    2024-10-21T21:45:32.3533333+00:00

    Hello Michał Zaborowicz,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you need to know how to build a VPN gateway of the policy-based type.

    Regarding your explanation, the Basic SKU does not support high-performance configurations, and the suggested SKUs (VpnGw1, VpnGw2, etc.) are for route-based VPNs, which do not support policy-based VPNs. Also, if you use the Basic SKU, there are some limitations and specific configurations required.

    This is an example PowerShell script snippet to help you use the Basic SKU for a policy-based VPN gateway:

    # Az PowerShell module (Az.Network) and an authenticated session (Connect-AzAccount) are required
    $resourceGroupName = "YourResourceGroupName"
    $location = "YourLocation"
    $virtualNetworkName = "YourVNetName"
    $subnetName = "GatewaySubnet"   # the subnet must be named exactly "GatewaySubnet" and must already exist in the VNet
    $publicIpName = "YourPublicIPName"
    $gatewayName = "YourGatewayName"
    # Create the public IP address (Basic SKU, dynamic allocation, to match the Basic gateway SKU)
    $publicIp = New-AzPublicIpAddress -ResourceGroupName $resourceGroupName -Location $location -Name $publicIpName -AllocationMethod Dynamic -Sku Basic
    # Create the gateway IP configuration from the existing GatewaySubnet and the new public IP
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $virtualNetworkName
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
    $gatewayIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig" -SubnetId $subnet.Id -PublicIpAddressId $publicIp.Id
    # Create the VPN gateway: policy-based VPN type together with the Basic SKU (this step can take a long time to complete)
    New-AzVirtualNetworkGateway -ResourceGroupName $resourceGroupName -Location $location -Name $gatewayName -IpConfigurations $gatewayIpConfig -GatewayType Vpn -VpnType PolicyBased -GatewaySku Basic

    Secondly, make sure that your on-premises VPN device supports IKEv1, as the Basic SKU only supports IKEv1 for policy-based VPNs.

    Also, if you need to connect multiple policy-based VPN devices, you can use a route-based VPN gateway with custom IPsec/IKE policies and enable policy-based traffic selectors - https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

    Finally, if the scripts still don't work, it might be due to specific configurations or updates in Azure. Try to double-check the Azure documentation for any recent changes or additional requirements - https://learn.microsoft.com/en-us/azure/vpn-gateway/create-gateway-basic-sku-powershell

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.


    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

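The SKU error in the question comes from combining a policy-based VPN type with a SKU other than Basic. As an added example (not code from the answer or from Microsoft), here is a pre-flight check that flags that mismatch and the related Basic-SKU constraints before anything is deployed, plus a post-deployment check that reads the resulting gateway's type and SKU back; the function names and all sample values are assumptions chosen for illustration.

```powershell
# Added example, not part of the original answer. Assumes the Az.Network module and Connect-AzAccount.
function Test-PolicyBasedGatewayParams {
    # Returns a list of problems (empty list = parameters are consistent).
    param(
        [Parameter(Mandatory)] [string] $VpnType,        # 'PolicyBased' or 'RouteBased'
        [Parameter(Mandatory)] [string] $GatewaySku,     # e.g. 'Basic', 'VpnGw1', 'HighPerformance'
        [string] $PublicIpSku = 'Basic',                 # SKU of the public IP you intend to attach
        [string] $IkeVersion = 'IKEv1',                  # what the on-premises device will negotiate
        [int]    $SiteToSiteConnections = 1              # tunnels you plan to attach to this gateway
    )
    $problems = @()
    if ($VpnType -eq 'PolicyBased') {
        # Policy-based gateways exist only on the Basic SKU; any other SKU is rejected by the API.
        if ($GatewaySku -ne 'Basic') {
            $problems += "VpnType PolicyBased requires -GatewaySku Basic; '$GatewaySku' is not valid for it."
        }
        # The Basic SKU negotiates IKEv1 only for policy-based tunnels.
        if ($IkeVersion -ne 'IKEv1') {
            $problems += "A policy-based Basic gateway only supports IKEv1; the device must be configured for IKEv1."
        }
        # A policy-based gateway supports a single site-to-site connection.
        if ($SiteToSiteConnections -gt 1) {
            $problems += "A policy-based gateway supports one S2S connection; use a route-based gateway with policy-based traffic selectors for $SiteToSiteConnections sites."
        }
    }
    # A Basic gateway SKU must be paired with a Basic-SKU public IP address.
    if ($GatewaySku -eq 'Basic' -and $PublicIpSku -ne 'Basic') {
        $problems += "A Basic gateway needs a Basic-SKU public IP; '$PublicIpSku' will not attach."
    }
    return ,$problems
}

function Get-VpnGatewayTypeSummary {
    # Reads the deployed gateway back so you can confirm what was actually created.
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $GatewayName
    )
    $gw = Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroupName -Name $GatewayName
    [pscustomobject]@{
        Name        = $gw.Name
        VpnType     = $gw.VpnType          # expect 'PolicyBased'
        Sku         = $gw.Sku.Name         # expect 'Basic'
        Provisioned = $gw.ProvisioningState
    }
}

# Example (sample values): reproduces the asker's failing combination, then the working one.
Test-PolicyBasedGatewayParams -VpnType PolicyBased -GatewaySku HighPerformance   # one problem reported
Test-PolicyBasedGatewayParams -VpnType PolicyBased -GatewaySku Basic             # empty list
```

Run the first function against the parameters a community script uses before invoking New-AzVirtualNetworkGateway, and the second once provisioning has finished to confirm the gateway is policy-based on the Basic SKU.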