az network vpn-gateway connection

Note

This reference is part of the virtual-wan extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az network vpn-gateway connection command. Learn more about extensions.

Manage site-to-site VPN gateway connections.

Commands

Name	Description	Type	Status
az network vpn-gateway connection create	Create a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection delete	Delete a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection ipsec-policy	Manage site-to-site VPN gateway connection IPSec policies.	Extension	GA
az network vpn-gateway connection ipsec-policy add	Add an IPSec policy to a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection ipsec-policy list	List site-to-site VPN gateway connection IPSec policies.	Extension	GA
az network vpn-gateway connection ipsec-policy remove	Remove an IPSec policy from a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection list	List site-to-site VPN gateway connections.	Extension	GA
az network vpn-gateway connection packet-capture	Manage site-to-site VPN gateway connections packet capture.	Extension	GA
az network vpn-gateway connection packet-capture start	Starts packet capture on Vpn connection in the specified resource group.	Extension	GA
az network vpn-gateway connection show	Get the details of a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection update	Update settings of VPN gateway connection.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn	Manage site-to-site VPN gateway connection VPN site link connection.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn add	Add a VPN site link connection to a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn ipsec-policy	Manage site-to-site VPN gateway connection VPN site link IPSec policies.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn ipsec-policy add	Add an IPSec policy to a site-to-site VPN gateway connection VPN site link.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn ipsec-policy list	List site-to-site VPN gateway connection VPN site link IPSec policies.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove	Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn list	List site-to-site VPN gateway connection VPN site link connection.	Extension	GA
az network vpn-gateway connection vpn-site-link-conn remove	Remove a VPN site link connection from a site-to-site VPN gateway connection.	Extension	GA
az network vpn-gateway connection wait	Place the CLI in a waiting state until a condition of the site-to-site VPN gateway connection is met.	Extension	GA

az network vpn-gateway connection create

Create a site-to-site VPN gateway connection.

az network vpn-gateway connection create --gateway-name
                                         --name
                                         --remote-vpn-site
                                         --resource-group
                                         [--associated]
                                         [--associated-inbound-routemap]
                                         [--associated-outbound-routemap]
                                         [--connection-bandwidth]
                                         [--enable-bgp {false, true}]
                                         [--internet-security {false, true}]
                                         [--labels]
                                         [--no-wait]
                                         [--propagated]
                                         [--protocol-type {IKEv1, IKEv2}]
                                         [--rate-limiting {false, true}]
                                         [--routing-weight]
                                         [--shared-key]
                                         [--vpn-site-link]
                                         [--with-link {false, true}]

Examples

Create a site-to-site VPN gateway connection

az network vpn-gateway connection create -g MyRG -n MyConnection --gateway-name MyGateway --remote-vpn-site /subscriptions/MySub/resourceGroups/MyRG/providers/Microsoft.Network/vpnSites/MyVPNSite --associated-route-table /subscriptions/MySub/resourceGroups/MyRG/providers/Microsoft.Network/virtualHubs/MyHub/hubRouteTables/MyRouteTable1 --propagated-route-tables /subscriptions/MySub/resourceGroups/MyRG/providers/Microsoft.Network/virtualHubs/MyHub/hubRouteTables/MyRouteTable1 /subscriptions/MySub/resourceGroups/MyRG/providers/Microsoft.Network/virtualHubs/MyHub/hubRouteTables/MyRouteTable2 --labels label1 label2

Required Parameters

--gateway-name

Name of the VPN gateway.

--name -n

Name of the VPN gateway connection.

--remote-vpn-site

Name of ID of the remote VPN site.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--associated --associated-route-table

Preview

The resource id of route table associated with this routing configuration.

--associated-inbound-routemap

Resource uri of inbound routemap for this connection’s routing configuration.

--associated-outbound-routemap

Resource uri of outbound routemap for this connection’s routing configuration.

--connection-bandwidth

Expected bandwidth in Mbps.

--enable-bgp

Enable BGP.

Accepted values: false, true

--internet-security

Enable internet security.

Accepted values: false, true

--labels

Preview

Space-separated list of labels for propagated route tables.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--propagated --propagated-route-tables

Preview

Space-separated list of resource id of propagated route tables.

--protocol-type

Connection protocol.

Accepted values: IKEv1, IKEv2

--rate-limiting

Enable rate limiting.

Accepted values: false, true

--routing-weight

Routing weight.

--shared-key

Shared key.

--vpn-site-link

The resource ID of VPN Site Link.

--with-link

Create VpnConnection with default link.

Accepted values: false, true

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-gateway connection delete

Delete a site-to-site VPN gateway connection.

az network vpn-gateway connection delete [--gateway-name]
                                         [--ids]
                                         [--name]
                                         [--resource-group]
                                         [--subscription]

Examples

Delete a site-to-site VPN gateway connection

az network vpn-gateway connection delete -g MyRG -n MyConnection --gateway-name MyGateway

Optional Parameters

--gateway-name

Name of the VPN gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VPN gateway connection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-gateway connection list

List site-to-site VPN gateway connections.

az network vpn-gateway connection list --gateway-name
                                       --resource-group

Examples

List all connections for a given site-to-site VPN gateway

az network vpn-gateway connection list -g MyRG --gateway-name MyGateway

Required Parameters

--gateway-name

Name of the VPN gateway.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-gateway connection show

Get the details of a site-to-site VPN gateway connection.

az network vpn-gateway connection show [--gateway-name]
                                       [--ids]
                                       [--name]
                                       [--resource-group]
                                       [--subscription]

Examples

Get the details of a site-to-site VPN gateway connection

az network vpn-gateway connection show -g MyRG -n MyConnection --gateway-name MyGateway

Optional Parameters

--gateway-name

Name of the VPN gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the VPN gateway connection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-gateway connection update

Update settings of VPN gateway connection.

az network vpn-gateway connection update [--add]
                                         [--associated]
                                         [--associated-inbound-routemap]
                                         [--associated-outbound-routemap]
                                         [--force-string]
                                         [--gateway-name]
                                         [--ids]
                                         [--labels]
                                         [--name]
                                         [--no-wait]
                                         [--propagated]
                                         [--remove]
                                         [--resource-group]
                                         [--set]
                                         [--subscription]

Examples

Add labels for propagated route tables under routing configuration.

az network vpn-gateway connection update -g MyRG -n MyConnection --gateway-name MyGateway --labels NewLabel1 NewLabels2

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Default value: []

--associated --associated-route-table

Preview

The resource id of route table associated with this routing configuration.

--associated-inbound-routemap

Resource uri of inbound routemap for this connection’s routing configuration.

--associated-outbound-routemap

Resource uri of outbound routemap for this connection’s routing configuration.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Default value: False

--gateway-name

Name of the VPN gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--labels

Preview

Space-separated list of labels for propagated route tables.

--name -n

Name of the VPN gateway connection.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--propagated --propagated-route-tables

Preview

Space-separated list of resource id of propagated route tables.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Default value: []

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Default value: []

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-gateway connection wait

Place the CLI in a waiting state until a condition of the site-to-site VPN gateway connection is met.

az network vpn-gateway connection wait [--created]
                                       [--custom]
                                       [--deleted]
                                       [--exists]
                                       [--gateway-name]
                                       [--ids]
                                       [--interval]
                                       [--name]
                                       [--resource-group]
                                       [--subscription]
                                       [--timeout]
                                       [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False

--exists

Wait until the resource exists.

Default value: False

--gateway-name

Name of the VPN gateway.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30

--name -n

Name of the VPN gateway connection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.