New-NetworkControllerVirtualGatewayNetworkConnection
Creates a virtual gateway network connection.
Syntax
New-NetworkControllerVirtualGatewayNetworkConnection
[-VirtualGatewayId] <String>
[-ResourceId] <String>
[-Properties] <NetworkConnectionProperties>
[[-ResourceMetadata] <ResourceMetadata>]
[[-Etag] <String>]
[-Force]
-ConnectionUri <Uri>
[-CertificateThumbprint <String>]
[-Credential <PSCredential>]
[-PassInnerException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-NetworkControllerVirtualGatewayNetworkConnection cmdlet adds a configuration for a network connection for the specified tenant in Network Controller. If a network connection configuration already exists, this cmdlet overwrites and replaces the older configuration.
Examples
Example 1: Add a new IPSec network connection to tenant virtual gateway
PS C:\> $uri = "https://networkcontroller"
# Create a new object for tenant network connection
PS C:\> $nwConnectionProperties = New-Object Microsoft.Windows.NetworkController.NetworkConnectionProperties
# Update the common object properties
PS C:\> $nwConnectionProperties.ConnectionType = "IPSec"
PS C:\> $nwConnectionProperties.OutboundKiloBitsPerSecond = 10000
PS C:\> $nwConnectionProperties.InboundKiloBitsPerSecond = 10000
# Update specific properties depending on the connection type
PS C:\> $nwConnectionProperties.IpSecConfiguration = New-Object Microsoft.Windows.NetworkController.IpSecConfiguration
PS C:\> $nwConnectionProperties.IpSecConfiguration.AuthenticationMethod = "PSK"
PS C:\> $nwConnectionProperties.IpSecConfiguration.SharedSecret = "P@ssw0rd"
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode = New-Object Microsoft.Windows.NetworkController.QuickMode
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.PerfectForwardSecrecy = "PFS2048"
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.AuthenticationTransformationConstant = "SHA256128"
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.CipherTransformationConstant = "DES3"
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.SALifeTimeSeconds = 1233
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.IdleDisconnectSeconds = 500
PS C:\> $nwConnectionProperties.IpSecConfiguration.QuickMode.SALifeTimeKiloBytes = 2000
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode = New-Object Microsoft.Windows.NetworkController.MainMode
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode.DiffieHellmanGroup = "Group2"
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode.IntegrityAlgorithm = "SHA256"
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode.EncryptionAlgorithm = "AES256"
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode.SALifeTimeSeconds = 1234
PS C:\> $nwConnectionProperties.IpSecConfiguration.MainMode.SALifeTimeKiloBytes = 2000
# L3 specific configuration (leave blank for IPSec)
PS C:\> $nwConnectionProperties.IPAddresses = @()
PS C:\> $nwConnectionProperties.PeerIPAddresses = @()
# Update the IPv4 routes that are reachable over the site-to-site VPN tunnel
PS C:\> $nwConnectionProperties.Routes = @()
PS C:\> $ipv4Route = New-Object Microsoft.Windows.NetworkController.RouteInfo
PS C:\> $ipv4Route.DestinationPrefix = "14.1.10.1/32"
PS C:\> $ipv4Route.metric = 10
PS C:\> $nwConnectionProperties.Routes += $ipv4Route
# Tunnel destination (remote endpoint) address
PS C:\> $nwConnectionProperties.DestinationIPAddress = "10.127.134.121"
# Add the new network connection for the tenant
PS C:\> New-NetworkControllerVirtualGatewayNetworkConnection -ConnectionUri $uri -VirtualGatewayId "Contoso" -ResourceId "Contoso_IPSecGW" -Properties $nwConnectionProperties -Force
This set of cmdlets adds a new IPSec connection on the Contoso tenant virtual gateway.
Example 2: Add a GRE network connection to a tenant virtual gateway
PS C:\> $uri = "https://networkcontroller"
# Create a new object for the tenant network connection
PS C:\> $nwConnectionProperties = New-Object Microsoft.Windows.NetworkController.NetworkConnectionProperties
# Update the common object properties
PS C:\> $nwConnectionProperties.ConnectionType = "GRE"
PS C:\> $nwConnectionProperties.OutboundKiloBitsPerSecond = 10000
PS C:\> $nwConnectionProperties.InboundKiloBitsPerSecond = 10000
# Update specific properties depending on the connection type
PS C:\> $nwConnectionProperties.GreConfiguration = New-Object Microsoft.Windows.NetworkController.GreConfiguration
PS C:\> $nwConnectionProperties.GreConfiguration.GreKey = 1234
# Update the IPv4 routes that are reachable over the site-to-site VPN tunnel
PS C:\> $nwConnectionProperties.Routes = @()
PS C:\> $ipv4Route = New-Object Microsoft.Windows.NetworkController.RouteInfo
PS C:\> $ipv4Route.DestinationPrefix = "14.2.20.1/32"
PS C:\> $ipv4Route.metric = 10
PS C:\> $nwConnectionProperties.Routes += $ipv4Route
# Tunnel destination (remote endpoint) address
PS C:\> $nwConnectionProperties.DestinationIPAddress = "10.127.134.122"
# L3 specific configuration (leave blank for GRE)
PS C:\> $nwConnectionProperties.L3Configuration = New-Object Microsoft.Windows.NetworkController.L3Configuration
PS C:\> $nwConnectionProperties.IPAddresses = @()
PS C:\> $nwConnectionProperties.PeerIPAddresses = @()
# Add the new network connection for the tenant
PS C:\> New-NetworkControllerVirtualGatewayNetworkConnection -ConnectionUri $uri -VirtualGatewayId "Contoso" -ResourceId "Contoso_GreGW" -Properties $nwConnectionProperties -Force
This set of cmdlets adds a new GRE connection on Contoso tenant virtual gateway.
Example 3: Add a new GRE network connection to a tenant virtual gateway
PS C:\> $uri = "https://networkcontroller"
#############################################################################
# A. Configure a VNET based Logical Network for the L3 Connection on the NC #
#############################################################################
# Create a new object for the logical network to be used for L3 forwarding
PS C:\> $lnProperties = New-Object Microsoft.Windows.NetworkController.LogicalNetworkProperties
PS C:\> $lnProperties.NetworkVirtualizationEnabled = $false
PS C:\> $lnProperties.Subnets = @()
# Create a new object for the logical subnet to be used for L3 forwarding and update properties
PS C:\> $logicalsubnet = New-Object Microsoft.Windows.NetworkController.LogicalSubnet
PS C:\> $logicalsubnet.ResourceId = "Contoso_L3_Subnet"
PS C:\> $logicalsubnet.Properties = New-Object Microsoft.Windows.NetworkController.LogicalSubnetProperties
PS C:\> $logicalsubnet.Properties.VlanID = 1001
PS C:\> $logicalsubnet.Properties.AddressPrefix = "10.127.134.0/25"
PS C:\> $logicalsubnet.Properties.DefaultGateway = "10.127.134.1"
$lnProperties.Subnets += $logicalsubnet
# Add the new logical network to Network Controller
PS C:\> $vlanNetwork = New-NetworkControllerLogicalNetwork -ConnectionUri $uri -ResourceId "Contoso_L3_Network" -Properties $lnProperties -Force
#######################################################
# B. Configure the L3 Forwarding connection on the NC #
#######################################################
# Create a new object for the tenant network connection
PS C:\> $nwConnectionProperties = New-Object Microsoft.Windows.NetworkController.NetworkConnectionProperties
# Update the common object properties
PS C:\> $nwConnectionProperties.ConnectionType = "L3"
PS C:\> $nwConnectionProperties.OutboundKiloBitsPerSecond = 10000
PS C:\> $nwConnectionProperties.InboundKiloBitsPerSecond = 10000
# GRE-specific configuration (leave blank for L3)
PS C:\> $nwConnectionProperties.GreConfiguration = New-Object Microsoft.Windows.NetworkController.GreConfiguration
# Update specific properties depending on the connection type
PS C:\> $nwConnectionProperties.L3Configuration = New-Object Microsoft.Windows.NetworkController.L3Configuration
PS C:\> $nwConnectionProperties.L3Configuration.VlanSubnet = $vlanNetwork.properties.Subnets[0]
PS C:\> $nwConnectionProperties.IPAddresses = @()
PS C:\> $localIPAddress = New-Object Microsoft.Windows.NetworkController.CidrIPAddress
PS C:\> $localIPAddress.IPAddress = "10.127.134.55"
PS C:\> $localIPAddress.PrefixLength = 25
PS C:\> $nwConnectionProperties.IPAddresses += $localIPAddress
PS C:\> $nwConnectionProperties.PeerIPAddresses = @("10.127.134.65")
# Update the IPv4 routes that are reachable over the site-to-site VPN tunnel
PS C:\> $nwConnectionProperties.Routes = @()
PS C:\> $ipv4Route = New-Object Microsoft.Windows.NetworkController.RouteInfo
PS C:\> $ipv4Route.DestinationPrefix = "14.2.20.1/32"
PS C:\> $ipv4Route.metric = 10
PS C:\> $nwConnectionProperties.Routes += $ipv4Route
# Add the new network connection for the tenant
PS C:\> New-NetworkControllerVirtualGatewayNetworkConnection -ConnectionUri $uri -VirtualGatewayId "Contoso" -ResourceId "Contoso_L3GW" -Properties $nwConnectionProperties -Force
This set of cmdlets adds a new GRE connection on Contoso tenant virtual gateway.
Parameters
-CertificateThumbprint
Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. This is the certificate thumbprint of the certificate.This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConnectionUri
Specifies the Uniform Resource Identifier (URI) of the Network Controller, used by all Representational State Transfer (REST) clients to connect to Network Controller.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
Specifies a user credential that has permission to perform this action. The default value is the current user. This user must be present in the security group provided in the ClientSecurityGroup parameter in the Install-NetworkController cmdlet.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Etag
Specifies the entity tag (ETag) of the resource. An ETag is an HTTP response header returned by an HTTP-compliant web server. An ETag is used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.
Type: | String |
Position: | 6 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | 7 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PassInnerException
This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.
The thumbprint must be provided only if the network controller client authentication is X509 certificates. Get-NetworkController retrieves that client authentication and authorization information.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Properties
Specifies the properties of the network connection.
Type: | NetworkConnectionProperties |
Position: | 3 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
Specifies the resource ID of the network connection to create.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceMetadata
Specifies metadata information for the client, such as the tenant ID, group ID, and resource name.
Type: | ResourceMetadata |
Position: | 4 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VirtualGatewayId
Specifies the ID of a virtual gateway.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Windows.NetworkController.NetworkConnectionProperties
Outputs
This cmdlet outputs the following information:
- Resource reference URI.
- Created time of the resource.
- Instance ID of the resource.
- Resource metadata.
- Resource ID.
- Properties of the resource:
"{
""ConnectionType"" : """",
""OutboundKiloBitsPerSecond"" : \<UInt32\>,
""InboundKiloBitsPerSecond"" : \<UInt32\>,
""IPSecConfiguration"": @{
""QuickMode"": @{
""PerfectForwardSecrecy"": """",
""authenticationTransformationConstant"": """",
""cipherTransformationConstant"": """",
""saLifeTimeSeconds"": """",
""idleDisconnectSeconds"": """",
""saLifeTimeKiloBytes"": """"
},
""MainMode"": @{
""diffieHellmanGroup"": """",
""integrityAlgorithm"": """",
""encryptionAlgorithm"": """",
""saLifeTimeSeconds"": """",
""saLifeTimeKiloBytes"": """"
},
""AuthenticationMethod"": """",
""SharedSecret"": """"
},
""GreConfiguration"": @{ ""GREKey"": """"},
""L3Configuration"": @{ ""VlanSubnet"": @{""ResourceRef"": ""\<string\>"" }},
""IPAddresses"": @(),
""PeerIPAddresses"": @(),
""Routes"": @( @{
""DestinationPrefix"": """",
""Metric"": """"
}),
""DestinationIPAddress"" : """"
}"