Vpn Gateways - Get

Retrieves the details of a virtual wan vpn gateway.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/vpnGateways/{gatewayName}?api-version=2024-05-01

URI Parameters

Name In Required Type Description
gatewayName
path True

string

The name of the gateway.

resourceGroupName
path True

string

The resource group name of the VpnGateway.

subscriptionId
path True

string

The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True

string

Client API version.

Responses

Name Type Description
200 OK

VpnGateway

Request successful. Returns the details of the virtual wan vpn gateway retrieved.

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

VpnGatewayGet

Sample request

GET https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1?api-version=2024-05-01

Sample response

{
  "name": "gateway1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "location": "West US",
  "type": "Microsoft.Network/vpnGateways",
  "properties": {
    "provisioningState": "Succeeded",
    "virtualHub": {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1"
    },
    "connections": [
      {
        "name": "vpnConnection1",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1",
        "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
        "properties": {
          "provisioningState": "Succeeded",
          "remoteVpnSite": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1"
          },
          "enableInternetSecurity": false,
          "ingressBytesTransferred": 0,
          "egressBytesTransferred": 0,
          "vpnLinkConnections": [
            {
              "name": "Connection-Link1",
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/VpnSiteLinkConnections/Connection-Link1",
              "type": "Microsoft.Network/vpnGateways/vpnConnections/VpnSiteLinkConnections",
              "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
              "properties": {
                "provisioningState": "Succeeded",
                "vpnSiteLink": {
                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1/vpnSiteLinks/siteLink1"
                },
                "connectionBandwidth": 200,
                "ipsecPolicies": [],
                "vpnConnectionProtocolType": "IKEv2",
                "sharedKey": "key",
                "ingressBytesTransferred": 0,
                "egressBytesTransferred": 0,
                "enableBgp": false,
                "enableRateLimiting": false,
                "useLocalAzureIpAddress": false,
                "usePolicyBasedTrafficSelectors": false,
                "routingWeight": 0,
                "ingressNatRules": [
                  {
                    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/natRules/nat03"
                  }
                ]
              }
            },
            {
              "name": "Connection-Link2",
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/VpnSiteLinkConnections/Connection-Link2",
              "type": "Microsoft.Network/vpnGateways/vpnConnections/VpnSiteLinkConnections",
              "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
              "properties": {
                "provisioningState": "Succeeded",
                "vpnSiteLink": {
                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnSites/vpnSite1/vpnSiteLinks/siteLink2"
                },
                "connectionBandwidth": 200,
                "ipsecPolicies": [],
                "vpnConnectionProtocolType": "IKEv2",
                "sharedKey": "key",
                "ingressBytesTransferred": 0,
                "egressBytesTransferred": 0,
                "enableBgp": false,
                "enableRateLimiting": false,
                "useLocalAzureIpAddress": false,
                "usePolicyBasedTrafficSelectors": false,
                "routingWeight": 0,
                "egressNatRules": [
                  {
                    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/natRules/nat04"
                  }
                ]
              }
            }
          ],
          "routingConfiguration": {
            "associatedRouteTable": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/hubRouteTables/hubRouteTable1"
            },
            "propagatedRouteTables": {
              "labels": [
                "label1",
                "label2"
              ],
              "ids": [
                {
                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/hubRouteTables/hubRouteTable1"
                },
                {
                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/hubRouteTables/hubRouteTable2"
                },
                {
                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/virtualHub1/hubRouteTables/hubRouteTable3"
                }
              ]
            },
            "vnetRoutes": {
              "staticRoutes": []
            }
          }
        }
      }
    ],
    "bgpSettings": {
      "asn": 65514,
      "bgpPeeringAddress": "10.0.1.30",
      "peerWeight": 0,
      "bgpPeeringAddresses": [
        {
          "ipconfigurationId": "Instance0",
          "defaultBgpIpAddresses": [
            "10.30.0.4"
          ],
          "customBgpIpAddresses": [
            "169.254.21.5"
          ],
          "tunnelIpAddresses": [
            "104.208.48.178"
          ]
        },
        {
          "ipconfigurationId": "Instance1",
          "defaultBgpIpAddresses": [
            "10.30.0.5"
          ],
          "customBgpIpAddresses": [
            "169.254.21.10"
          ],
          "tunnelIpAddresses": [
            "104.208.48.179"
          ]
        }
      ]
    },
    "natRules": [
      {
        "name": "nat03",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/natRules/nat03",
        "properties": {
          "type": "Dynamic",
          "mode": "IgressSnat",
          "internalMappings": [
            {
              "addressSpace": "0.0.0.0/26"
            }
          ],
          "externalMappings": [
            {
              "addressSpace": "192.168.0.0/26"
            }
          ],
          "ingressVpnSiteLinkConnections": [
            {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/vpnLinkConnections/Connection-Link1"
            }
          ]
        },
        "type": "Microsoft.Network/vpnGateways/natRules"
      },
      {
        "name": "nat04",
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/natRules/nat04",
        "properties": {
          "type": "Static",
          "mode": "EgressSnat",
          "internalMappings": [
            {
              "addressSpace": "0.0.0.0/26"
            }
          ],
          "externalMappings": [
            {
              "addressSpace": "192.168.0.0/26"
            }
          ],
          "egressVpnSiteLinkConnections": [
            {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/vpnGateways/gateway1/vpnConnections/vpnConnection1/vpnLinkConnections/Connection-Link2"
            }
          ]
        },
        "type": "Microsoft.Network/vpnGateways/natRules"
      }
    ],
    "isRoutingPreferenceInternet": false,
    "enableBgpRouteTranslationForNat": false
  }
}

Definitions

Name Description
BgpSettings

BGP settings details.

CloudError

An error response from the service.

CloudErrorBody

An error response from the service.

DhGroup

The DH Groups used in IKE Phase 1 for initial SA.

GatewayCustomBgpIpAddressIpConfiguration

GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

IPConfigurationBgpPeeringAddress

Properties of IPConfigurationBgpPeeringAddress.

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

IpsecPolicy

An IPSec Policy configuration for a virtual network gateway connection.

PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.

PropagatedRouteTable

The list of RouteTables to advertise the routes to.

ProvisioningState

The current provisioning state.

RoutingConfiguration

Routing Configuration indicating the associated and propagated route tables for this connection.

StaticRoute

List of all Static Routes.

StaticRoutesConfig

Configuration for static routes on this HubVnetConnectionConfiguration for static routes on this HubVnetConnection.

SubResource

Reference to another subresource.

TrafficSelectorPolicy

An traffic selector policy for a virtual network gateway connection.

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke vnet.

VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.

VpnConnection

VpnConnection Resource.

VpnConnectionStatus

The current state of the vpn connection.

VpnGateway

VpnGateway Resource.

VpnGatewayIpConfiguration

IP Configuration of a VPN Gateway Resource.

VpnGatewayNatRule

VpnGatewayNatRule Resource.

VpnLinkConnectionMode

Vpn link connection mode.

VpnNatRuleMapping

Vpn NatRule mapping.

VpnNatRuleMode

The Source NAT direction of a VPN NAT.

VpnNatRuleType

The type of NAT rule for VPN NAT.

VpnSiteLinkConnection

VpnSiteLinkConnection Resource.

BgpSettings

BGP settings details.

Name Type Description
asn

integer

The BGP speaker's ASN.

bgpPeeringAddress

string

The BGP peering address and BGP identifier of this BGP speaker.

bgpPeeringAddresses

IPConfigurationBgpPeeringAddress[]

BGP peering address with IP configuration ID for virtual network gateway.

peerWeight

integer

The weight added to routes learned from this BGP speaker.

CloudError

An error response from the service.

Name Type Description
error

CloudErrorBody

Cloud error body.

CloudErrorBody

An error response from the service.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

details

CloudErrorBody[]

A list of additional details about the error.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

DhGroup

The DH Groups used in IKE Phase 1 for initial SA.

Name Type Description
DHGroup1

string

DHGroup14

string

DHGroup2

string

DHGroup2048

string

DHGroup24

string

ECP256

string

ECP384

string

None

string

GatewayCustomBgpIpAddressIpConfiguration

GatewayCustomBgpIpAddressIpConfiguration for a virtual network gateway connection.

Name Type Description
customBgpIpAddress

string

The custom BgpPeeringAddress which belongs to IpconfigurationId.

ipConfigurationId

string

The IpconfigurationId of ipconfiguration which belongs to gateway.

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

Name Type Description
AES128

string

AES192

string

AES256

string

DES

string

DES3

string

GCMAES128

string

GCMAES256

string

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

Name Type Description
GCMAES128

string

GCMAES256

string

MD5

string

SHA1

string

SHA256

string

SHA384

string

IPConfigurationBgpPeeringAddress

Properties of IPConfigurationBgpPeeringAddress.

Name Type Description
customBgpIpAddresses

string[]

The list of custom BGP peering addresses which belong to IP configuration.

defaultBgpIpAddresses

string[]

The list of default BGP peering addresses which belong to IP configuration.

ipconfigurationId

string

The ID of IP configuration which belongs to gateway.

tunnelIpAddresses

string[]

The list of tunnel public IP addresses which belong to IP configuration.

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

Name Type Description
AES128

string

AES192

string

AES256

string

DES

string

DES3

string

GCMAES128

string

GCMAES192

string

GCMAES256

string

None

string

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

Name Type Description
GCMAES128

string

GCMAES192

string

GCMAES256

string

MD5

string

SHA1

string

SHA256

string

IpsecPolicy

An IPSec Policy configuration for a virtual network gateway connection.

Name Type Description
dhGroup

DhGroup

The DH Group used in IKE Phase 1 for initial SA.

ikeEncryption

IkeEncryption

The IKE encryption algorithm (IKE phase 2).

ikeIntegrity

IkeIntegrity

The IKE integrity algorithm (IKE phase 2).

ipsecEncryption

IpsecEncryption

The IPSec encryption algorithm (IKE phase 1).

ipsecIntegrity

IpsecIntegrity

The IPSec integrity algorithm (IKE phase 1).

pfsGroup

PfsGroup

The Pfs Group used in IKE Phase 2 for new child SA.

saDataSizeKilobytes

integer

The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.

saLifeTimeSeconds

integer

The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.

PfsGroup

The Pfs Groups used in IKE Phase 2 for new child SA.

Name Type Description
ECP256

string

ECP384

string

None

string

PFS1

string

PFS14

string

PFS2

string

PFS2048

string

PFS24

string

PFSMM

string

PropagatedRouteTable

The list of RouteTables to advertise the routes to.

Name Type Description
ids

SubResource[]

The list of resource ids of all the RouteTables.

labels

string[]

The list of labels.

ProvisioningState

The current provisioning state.

Name Type Description
Deleting

string

Failed

string

Succeeded

string

Updating

string

RoutingConfiguration

Routing Configuration indicating the associated and propagated route tables for this connection.

Name Type Description
associatedRouteTable

SubResource

The resource id RouteTable associated with this RoutingConfiguration.

inboundRouteMap

SubResource

The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes.

outboundRouteMap

SubResource

The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes.

propagatedRouteTables

PropagatedRouteTable

The list of RouteTables to advertise the routes to.

vnetRoutes

VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.

StaticRoute

List of all Static Routes.

Name Type Description
addressPrefixes

string[]

List of all address prefixes.

name

string

The name of the StaticRoute that is unique within a VnetRoute.

nextHopIpAddress

string

The ip address of the next hop.

StaticRoutesConfig

Configuration for static routes on this HubVnetConnectionConfiguration for static routes on this HubVnetConnection.

Name Type Description
propagateStaticRoutes

boolean

Boolean indicating whether static routes on this connection are automatically propagate to route tables which this connection propagates to.

vnetLocalRouteOverrideCriteria

VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke.

SubResource

Reference to another subresource.

Name Type Description
id

string

Resource ID.

TrafficSelectorPolicy

An traffic selector policy for a virtual network gateway connection.

Name Type Description
localAddressRanges

string[]

A collection of local address spaces in CIDR format.

remoteAddressRanges

string[]

A collection of remote address spaces in CIDR format.

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

Name Type Description
IKEv1

string

IKEv2

string

VnetLocalRouteOverrideCriteria

Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke vnet.

Name Type Description
Contains

string

Equal

string

VnetRoute

List of routes that control routing from VirtualHub into a virtual network connection.

Name Type Description
bgpConnections

SubResource[]

The list of references to HubBgpConnection objects.

staticRoutes

StaticRoute[]

List of all Static Routes.

staticRoutesConfig

StaticRoutesConfig

Configuration for static routes on this HubVnetConnection.

VpnConnection

VpnConnection Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.

properties.connectionBandwidth

integer

Expected bandwidth in MBPS.

properties.connectionStatus

VpnConnectionStatus

The connection status.

properties.dpdTimeoutSeconds

integer

DPD timeout in seconds for vpn connection.

properties.egressBytesTransferred

integer

Egress bytes transferred.

properties.enableBgp

boolean

EnableBgp flag.

properties.enableInternetSecurity

boolean

Enable internet security.

properties.enableRateLimiting

boolean

EnableBgp flag.

properties.ingressBytesTransferred

integer

Ingress bytes transferred.

properties.ipsecPolicies

IpsecPolicy[]

The IPSec Policies to be considered by this connection.

properties.provisioningState

ProvisioningState

The provisioning state of the VPN connection resource.

properties.remoteVpnSite

SubResource

Id of the connected vpn site.

properties.routingConfiguration

RoutingConfiguration

The Routing Configuration indicating the associated and propagated route tables on this connection.

properties.routingWeight

integer

Routing weight for vpn connection.

properties.sharedKey

string

SharedKey for the vpn connection.

properties.trafficSelectorPolicies

TrafficSelectorPolicy[]

The Traffic Selector Policies to be considered by this connection.

properties.useLocalAzureIpAddress

boolean

Use local azure ip to initiate connection.

properties.usePolicyBasedTrafficSelectors

boolean

Enable policy-based traffic selectors.

properties.vpnConnectionProtocolType

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

properties.vpnLinkConnections

VpnSiteLinkConnection[]

List of all vpn site link connections to the gateway.

VpnConnectionStatus

The current state of the vpn connection.

Name Type Description
Connected

string

Connecting

string

NotConnected

string

Unknown

string

VpnGateway

VpnGateway Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

location

string

Resource location.

name

string

Resource name.

properties.bgpSettings

BgpSettings

Local network gateway's BGP speaker settings.

properties.connections

VpnConnection[]

List of all vpn connections to the gateway.

properties.enableBgpRouteTranslationForNat

boolean

Enable BGP routes translation for NAT on this VpnGateway.

properties.ipConfigurations

VpnGatewayIpConfiguration[]

List of all IPs configured on the gateway.

properties.isRoutingPreferenceInternet

boolean

Enable Routing Preference property for the Public IP Interface of the VpnGateway.

properties.natRules

VpnGatewayNatRule[]

List of all the nat Rules associated with the gateway.

properties.provisioningState

ProvisioningState

The provisioning state of the VPN gateway resource.

properties.virtualHub

SubResource

The VirtualHub to which the gateway belongs.

properties.vpnGatewayScaleUnit

integer

The scale unit for this vpn gateway.

tags

object

Resource tags.

type

string

Resource type.

VpnGatewayIpConfiguration

IP Configuration of a VPN Gateway Resource.

Name Type Description
id

string

The identifier of the IP configuration for a VPN Gateway.

privateIpAddress

string

The private IP address of this IP configuration.

publicIpAddress

string

The public IP address of this IP configuration.

VpnGatewayNatRule

VpnGatewayNatRule Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.

properties.egressVpnSiteLinkConnections

SubResource[]

List of egress VpnSiteLinkConnections.

properties.externalMappings

VpnNatRuleMapping[]

The private IP address external mapping for NAT.

properties.ingressVpnSiteLinkConnections

SubResource[]

List of ingress VpnSiteLinkConnections.

properties.internalMappings

VpnNatRuleMapping[]

The private IP address internal mapping for NAT.

properties.ipConfigurationId

string

The IP Configuration ID this NAT rule applies to.

properties.mode

VpnNatRuleMode

The Source NAT direction of a VPN NAT.

properties.provisioningState

ProvisioningState

The provisioning state of the NAT Rule resource.

properties.type

VpnNatRuleType

The type of NAT rule for VPN NAT.

type

string

Resource type.

VpnLinkConnectionMode

Vpn link connection mode.

Name Type Description
Default

string

InitiatorOnly

string

ResponderOnly

string

VpnNatRuleMapping

Vpn NatRule mapping.

Name Type Description
addressSpace

string

Address space for Vpn NatRule mapping.

portRange

string

Port range for Vpn NatRule mapping.

VpnNatRuleMode

The Source NAT direction of a VPN NAT.

Name Type Description
EgressSnat

string

IngressSnat

string

VpnNatRuleType

The type of NAT rule for VPN NAT.

Name Type Description
Dynamic

string

Static

string

VpnSiteLinkConnection

VpnSiteLinkConnection Resource.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

name

string

The name of the resource that is unique within a resource group. This name can be used to access the resource.

properties.connectionBandwidth

integer

Expected bandwidth in MBPS.

properties.connectionStatus

VpnConnectionStatus

The connection status.

properties.dpdTimeoutSeconds

integer

Dead Peer Detection timeout in seconds for VpnLink connection.

properties.egressBytesTransferred

integer

Egress bytes transferred.

properties.egressNatRules

SubResource[]

List of egress NatRules.

properties.enableBgp

boolean

EnableBgp flag.

properties.enableRateLimiting

boolean

EnableBgp flag.

properties.ingressBytesTransferred

integer

Ingress bytes transferred.

properties.ingressNatRules

SubResource[]

List of ingress NatRules.

properties.ipsecPolicies

IpsecPolicy[]

The IPSec Policies to be considered by this connection.

properties.provisioningState

ProvisioningState

The provisioning state of the VPN site link connection resource.

properties.routingWeight

integer

Routing weight for vpn connection.

properties.sharedKey

string

SharedKey for the vpn connection.

properties.useLocalAzureIpAddress

boolean

Use local azure ip to initiate connection.

properties.usePolicyBasedTrafficSelectors

boolean

Enable policy-based traffic selectors.

properties.vpnConnectionProtocolType

VirtualNetworkGatewayConnectionProtocol

Connection protocol used for this connection.

properties.vpnGatewayCustomBgpAddresses

GatewayCustomBgpIpAddressIpConfiguration[]

vpnGatewayCustomBgpAddresses used by this connection.

properties.vpnLinkConnectionMode

VpnLinkConnectionMode

Vpn link connection mode.

properties.vpnSiteLink

SubResource

Id of the connected vpn site link.

type

string

Resource type.