New-AzureRmVpnClientIpsecPolicy

This command creates a VPN IPsec policy object, specifying one or all of the values IpsecEncryption, IpsecIntegrity, IkeEncryption, IkeIntegrity, DhGroup, and PfsGroup to set on the VPN gateway. The object this cmdlet outputs is used to set the VPN IPsec policy on both new and existing gateways.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

New-AzureRmVpnClientIpsecPolicy
   [-SALifeTime <Int32>]
   [-SADataSize <Int32>]
   [-IpsecEncryption <String>]
   [-IpsecIntegrity <String>]
   [-IkeEncryption <String>]
   [-IkeIntegrity <String>]
   [-DhGroup <String>]
   [-PfsGroup <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

This command creates a VPN IPsec policy object, specifying one or all of the values IpsecEncryption, IpsecIntegrity, IkeEncryption, IkeIntegrity, DhGroup, and PfsGroup to set on the VPN gateway. The object this cmdlet outputs is used to set the VPN IPsec policy on both new and existing gateways.

Examples

Define the VPN IPsec policy object:

PS C:\> $vpnclientipsecpolicy = New-AzureRmVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86472 -SADataSize 429497 -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup2 -PfsGroup None

This cmdlet creates the VPN IPsec policy object from whichever parameter values are passed (one or all of them). The object can then be passed to the VpnClientIpsecPolicy parameter of New-AzureRmVirtualNetworkGateway (new VPN gateway creation) or Set-AzureRmVirtualNetworkGateway (existing VPN gateway update) in the resource group:

Create a new virtual network gateway with a custom VPN IPsec policy:

PS C:\> $vnetGateway = New-AzureRmVirtualNetworkGateway -ResourceGroupName vnet-gateway -name myNGW -location $location -IpConfigurations $vnetIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1 -VpnClientIpsecPolicy $vpnclientipsecpolicy

This cmdlet returns the virtual network gateway object after creation.

Set a custom VPN IPsec policy on an existing virtual network gateway:

PS C:\> $vnetGateway = Set-AzureRmVirtualNetworkGateway -VirtualNetworkGateway $gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy

This cmdlet returns the virtual network gateway object after the custom VPN IPsec policy has been set.

Get the virtual network gateway to check that the custom VPN policy is set correctly:

PS C:\> $gateway = Get-AzureRmVirtualNetworkGateway -ResourceGroupName vnet-gateway -name myNGW

This cmdlet returns the virtual network gateway object.
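
The following is an added example, not part of the original reference or of the AzureRM module: a pre-flight check that validates a set of policy parameters against the accepted values listed under Parameters on this page and flags the 1024-bit group 2 and the no-PFS setting, both of which the example policy above uses. The function name Test-VpnClientIpsecPolicyParam and the finding fields are hypothetical.

```powershell
# Added example: hypothetical helper, not part of the AzureRM module.
# Accepted values are copied from the Parameters section of this page.
$AcceptedValues = @{
    IpsecEncryption = 'GCMAES256','GCMAES128','AES256','AES128'
    IpsecIntegrity  = 'GCMAES256','GCMAES128','SHA256'
    IkeEncryption   = 'GCMAES256','GCMAES128','AES256','AES128'
    IkeIntegrity    = 'SHA384','SHA256'
    DhGroup         = 'DHGroup24','ECP384','ECP256','DHGroup14','DHGroup2'
    PfsGroup        = 'PFS24','PFSMM','ECP384','ECP256','PFS14','PFS2','None'
}
# Settings worth flagging in review: group 2 is the 1024-bit MODP group, and
# PfsGroup None means child SAs are rekeyed without a fresh DH exchange.
$WeakValues = @{
    DhGroup  = @{ DHGroup2 = '1024-bit MODP group' }
    PfsGroup = @{ PFS2 = '1024-bit MODP group'; None = 'no perfect forward secrecy' }
}

function Test-VpnClientIpsecPolicyParam {
    param([Parameter(Mandatory)][hashtable]$PolicyParams)
    foreach ($name in $PolicyParams.Keys) {
        # Numeric parameters (SALifeTime, SADataSize) have no value list to check.
        if (-not $AcceptedValues.ContainsKey($name)) { continue }
        $value = [string]$PolicyParams[$name]
        if ($AcceptedValues[$name] -notcontains $value) {
            [pscustomobject]@{ Parameter = $name; Value = $value; Severity = 'Error'
                               Reason = 'not an accepted value' }
        } elseif ($WeakValues.ContainsKey($name) -and $WeakValues[$name].ContainsKey($value)) {
            [pscustomobject]@{ Parameter = $name; Value = $value; Severity = 'Warning'
                               Reason = $WeakValues[$name][$value] }
        }
    }
}

# The policy from the example on this page, written as a splattable hashtable.
$pagePolicy = @{
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'
    SALifeTime = 86472; SADataSize = 429497
    IkeEncryption = 'AES256'; IkeIntegrity = 'SHA256'
    DhGroup = 'DHGroup2'; PfsGroup = 'None'
}
$findings = @(Test-VpnClientIpsecPolicyParam -PolicyParams $pagePolicy)
$findings | Format-Table -AutoSize

# Create the policy object only when nothing is flagged (requires AzureRM.Network).
if ($findings.Count -eq 0) {
    $vpnclientipsecpolicy = New-AzureRmVpnClientIpsecPolicy @pagePolicy
}
```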

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DhGroup

The Vpnclient DH Groups used in IKE Phase 1 for initial SA

Type:String
Accepted values:DHGroup24, ECP384, ECP256, DHGroup14, DHGroup2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IkeEncryption

The Vpnclient IKE encryption algorithm (IKE Phase 2)

Type:String
Accepted values:GCMAES256, GCMAES128, AES256, AES128
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IkeIntegrity

The Vpnclient IKE integrity algorithm (IKE Phase 2)

Type:String
Accepted values:SHA384, SHA256
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IpsecEncryption

The Vpnclient IPSec encryption algorithm (IKE Phase 1)

Type:String
Accepted values:GCMAES256, GCMAES128, AES256, AES128
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IpsecIntegrity

The Vpnclient IPSec integrity algorithm (IKE Phase 1)

Type:String
Accepted values:GCMAES256, GCMAES128, SHA256
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PfsGroup

The Vpnclient PFS Groups used in IKE Phase 2 for new child SA

Type:String
Accepted values:PFS24, PFSMM, ECP384, ECP256, PFS14, PFS2, None
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SADataSize

The Vpnclient IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SALifeTime

The Vpnclient IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

PSIpsecPolicy