Configure a virtual network gateway for ExpressRoute using PowerShell (classic)

This article will walk you through the steps to add, resize, and remove a virtual network (VNet) gateway for a pre-existing VNet. The steps for this configuration are specifically for VNets that were created using the classic deployment model and that will be used in an ExpressRoute configuration.

Important

As of March 1, 2017, you can't create new ExpressRoute circuits in the classic deployment model.

  • You can move an existing ExpressRoute circuit from the classic deployment model to the Resource Manager deployment model without experiencing any connectivity down time. For more information, see Move an existing circuit.
  • You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to TRUE.

Use the following links to create and manage ExpressRoute circuits in the Resource Manager deployment model:

About Azure deployment models

Azure currently works with two deployment models: Resource Manager and classic. The two models are not completely compatible with each other. Before you begin, you need to know which model that you want to work in. For information about the deployment models, see Understanding deployment models. If you are new to Azure, we recommend that you use the Resource Manager deployment model.

Before beginning

Verify that you have installed the Azure PowerShell cmdlets needed for this configuration.

Install the latest versions of the Azure Service Management (SM) PowerShell modules and the ExpressRoute module.

  1. Use the instructions in the Installing the Service Management module article to install the Azure Service Management Module. If you have the Az or RM module already installed, be sure to use '-AllowClobber'.

  2. Import the installed modules. When using the following example, adjust the path to reflect the location and version of your installed PowerShell modules.

    Import-Module 'C:\Program Files\WindowsPowerShell\Modules\Azure\5.3.0\Azure.psd1'
    Import-Module 'C:\Program Files\WindowsPowerShell\Modules\Azure\5.3.0\ExpressRoute\ExpressRoute.psd1'
    
  3. To sign in to your Azure account, open your PowerShell console with elevated rights and connect to your account. Use the following example to help you connect using the Service Management module:

    Add-AzureAccount
    

Note

These examples do not apply to S2S/ExpressRoute coexist configurations. For more information about working with gateways in a coexist configuration, see Configure coexisting connections.

Add a gateway

When you add a gateway to a virtual network using the classic resource model, you modify the network configuration file directly before creating the gateway. The values in the examples below must be present in the file to create a gateway. If your virtual network previously had a gateway associated to it, some of these values will already be present. Modify the file to reflect the values below.

Download the network configuration file

  1. Download the network configuration file using the steps in network configuration file article. Open the file using a text editor.

  2. Add a local network site to the file. You can use any valid address prefix. You can add any valid IP address for the VPN gateway. The address values in this section are not used for ExpressRoute operations, but are required for file validation. In the example, "branch1" is the name of the site. You may use a different name, but be sure to use the same value in the Gateway section of the file.

    <VirtualNetworkConfiguration>
     <Dns />
     <LocalNetworkSites>
       <LocalNetworkSite name="branch1">
         <AddressSpace>
           <AddressPrefix>165.3.1.0/27</AddressPrefix>
         </AddressSpace>
         <VPNGatewayAddress>3.2.1.4</VPNGatewayAddress>
     </LocalNetworkSite>
    
  3. Navigate to the VirtualNetworkSites and modify the fields.

    • Verify that the Gateway Subnet exists for your virtual network. If it does not, you can add one at this time. The name must be "GatewaySubnet".
    • Verify the Gateway section of the file exists. If it doesn't, add it. This is required to associate the virtual network with the local network site (which represents the network to which you are connecting).
    • Verify that the connection type = Dedicated. This is required for ExpressRoute connections.
    </LocalNetworkSites>
     <VirtualNetworkSites>
       <VirtualNetworkSite name="myAzureVNET" Location="China East">
         <AddressSpace>
           <AddressPrefix>10.0.0.0/16</AddressPrefix>
         </AddressSpace>
         <Subnets>
           <Subnet name="default">
             <AddressPrefix>10.0.0.0/24</AddressPrefix>
           </Subnet>
           <Subnet name="GatewaySubnet">
             <AddressPrefix>10.0.1.0/27</AddressPrefix>
           </Subnet>
         </Subnets>
         <Gateway>
           <ConnectionsToLocalNetwork>
             <LocalNetworkSiteRef name="branch1">
               <Connection type="Dedicated" />
             </LocalNetworkSiteRef>
           </ConnectionsToLocalNetwork>
         </Gateway>
       </VirtualNetworkSite>
     </VirtualNetworkSites>
    </VirtualNetworkConfiguration>
    </NetworkConfiguration>
    
  4. Save the file and upload it to Azure.

Create the gateway

Use the command below to create a gateway. Substitute any values for your own.

New-AzureVNetGateway -VNetName "MyAzureVNET" -GatewayType DynamicRouting -GatewaySKU  Standard

Verify the gateway was created

Use the command below to verify that the gateway has been created. This command also retrieves the gateway ID, which you need for other operations.

Get-AzureVNetGateway

Resize a gateway

There are a number of Gateway SKUs. You can use the following command to change the Gateway SKU at any time.

Important

This command doesn't work for UltraPerformance gateway. To change your gateway to an UltraPerformance gateway, first remove the existing ExpressRoute gateway, and then create a new UltraPerformance gateway. To downgrade your gateway from an UltraPerformance gateway, first remove the UltraPerformance gateway, and then create a new gateway.

Resize-AzureVNetGateway -GatewayId <Gateway ID> -GatewaySKU HighPerformance

Remove a gateway

Use the command below to remove a gateway

Remove-AzureVnetGateway -GatewayId <Gateway ID>

Next steps

After you have created the VNet gateway, you can link your VNet to an ExpressRoute circuit. See Link a Virtual Network to an ExpressRoute circuit.