Share via


az network vpn-server-config ipsec-policy

Note

This reference is part of the virtual-wan extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az network vpn-server-config ipsec-policy command. Learn more about extensions.

Manage VPN server configuration IPSec policies.

Commands

Name Description Type Status
az network vpn-server-config ipsec-policy add

Add an IPSec policy to a VPN server configuration.

Extension GA
az network vpn-server-config ipsec-policy list

List VPN server configuration IPSec policies.

Extension GA
az network vpn-server-config ipsec-policy remove

Remove an IPSec policy from a VPN server configuration.

Extension GA
az network vpn-server-config ipsec-policy wait

Place the CLI in a waiting state until a condition of the IPSec policy of a VPN server configuration is met.

Extension GA

az network vpn-server-config ipsec-policy add

Add an IPSec policy to a VPN server configuration.

az network vpn-server-config ipsec-policy add --dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
                                              --ike-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256}
                                              --ike-integrity {GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384}
                                              --ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
                                              --ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
                                              --name
                                              --pfs-group {ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM}
                                              --resource-group
                                              --sa-data-size
                                              --sa-lifetime
                                              [--no-wait]

Required Parameters

--dh-group

DH Groups used in IKE Phase 1 for initial SA.

Accepted values: DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None
--ike-encryption

IKE encryption algorithm (IKE phase 2).

Accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256
--ike-integrity

IKE integrity algorithm (IKE phase 2).

Accepted values: GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384
--ipsec-encryption

IPSec encryption algorithm (IKE phase 1).

Accepted values: AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None
--ipsec-integrity

IPSec integrity algorithm (IKE phase 1).

Accepted values: GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256
--name -n

Name of the Vpn server configuration.

--pfs-group

The Pfs Groups used in IKE Phase 2 for new child SA.

Accepted values: ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--sa-data-size

IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site-to-site VPN tunnel.

--sa-lifetime

IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site-to-site VPN tunnel.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-server-config ipsec-policy list

List VPN server configuration IPSec policies.

az network vpn-server-config ipsec-policy list --name
                                               --resource-group

Required Parameters

--name -n

Name of the Vpn server configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-server-config ipsec-policy remove

Remove an IPSec policy from a VPN server configuration.

az network vpn-server-config ipsec-policy remove --index
                                                 --name
                                                 --resource-group
                                                 [--no-wait]

Required Parameters

--index

List index of the ipsec policy(starting with 0).

--name -n

Name of the Vpn server configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network vpn-server-config ipsec-policy wait

Place the CLI in a waiting state until a condition of the IPSec policy of a VPN server configuration is met.

az network vpn-server-config ipsec-policy wait --name
                                               --resource-group
                                               [--created]
                                               [--custom]
                                               [--deleted]
                                               [--exists]
                                               [--interval]
                                               [--timeout]
                                               [--updated]

Required Parameters

--name -n

Name of the Vpn server configuration.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--interval

Polling interval in seconds.

Default value: 30
--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.