Create and set custom IPsec policies for point-to-site connections

If your point-to-site (P2S) VPN environment requires a custom IPsec policy for encryption, you can easily configure a policy object with the required settings. This article helps you create a custom policy object, and then set it using PowerShell.

Before you begin

Prerequisites

Verify that you already have a functioning point-to-site VPN configured. If you don't, configure one using the steps in the Create a point-to-site VPN article, using either PowerShell or the Azure portal.

Working with Azure PowerShell

You can install and run the Azure PowerShell cmdlets locally on your computer. PowerShell cmdlets are updated frequently. If you haven't installed the latest version, the values specified in the instructions may fail. To find the versions of Azure PowerShell installed on your computer, use the Get-Module -ListAvailable Az cmdlet. To install or update, see Install the Azure PowerShell module.

Create and set a policy

  1. Declare the variables that you want to use. Use the following sample, replacing the values for your own when necessary. If you close your PowerShell session at any point during the exercise, just copy and paste the values again to redeclare the variables.

    $RG = "TestRG"
    $GWName = "VNet1GW"
    
  2. Create a custom IPsec policy object. Adjust the values in the example to meet your requirements.

    $vpnclientipsecpolicy = New-AzVpnClientIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA256 -SALifeTime 86471 -SADataSize 429496 -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup2 -PfsGroup PFS2
    
  3. Update your existing P2S VPN gateway and set the IPsec policy.

    $gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
    Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy
    
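As an added example (not part of the original article), the following PowerShell applies the policy from step 3 and then reads the gateway back to confirm that every parameter actually took effect, so a mistyped value or a stale session does not leave the gateway silently running on Azure defaults. It assumes $RG, $GWName and $vpnclientipsecpolicy from the steps above, and it assumes the applied policy is exposed as VpnClientConfiguration.VpnClientIpsecPolicies on the object returned by Get-AzVirtualNetworkGateway.

```powershell
# Added example, not from the article. Assumes $RG, $GWName and
# $vpnclientipsecpolicy were declared in the steps above.

function Test-P2SIpsecPolicyApplied {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $GatewayName,
        [Parameter(Mandatory)] $ExpectedPolicy   # object from New-AzVpnClientIpsecPolicy
    )

    $gw = Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroupName -Name $GatewayName

    # Assumption: the gateway object exposes the applied P2S policy here.
    $applied = @($gw.VpnClientConfiguration.VpnClientIpsecPolicies)
    if ($applied.Count -eq 0) {
        Write-Warning "No custom P2S IPsec policy is set; the gateway is using Azure defaults."
        return $false
    }

    # Compare every property of the requested policy against the applied one,
    # so the check does not depend on a hard-coded list of field names.
    $mismatches = @()
    foreach ($prop in $ExpectedPolicy.PSObject.Properties) {
        $name     = $prop.Name
        $expected = "$($prop.Value)"
        $actual   = "$($applied[0].$name)"
        if ($expected -ne $actual) {
            $mismatches += "{0}: expected '{1}', applied '{2}'" -f $name, $expected, $actual
        }
    }

    if ($mismatches.Count -gt 0) {
        Write-Warning ("Applied P2S IPsec policy differs from the requested one:`n  " +
                       ($mismatches -join "`n  "))
        return $false
    }

    Write-Host "P2S IPsec policy on $GatewayName matches the requested settings."
    return $true
}

# Apply the policy (step 3), then verify it before trusting the gateway.
$gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gateway -VpnClientIpsecPolicy $vpnclientipsecpolicy | Out-Null

if (-not (Test-P2SIpsecPolicyApplied -ResourceGroupName $RG -GatewayName $GWName -ExpectedPolicy $vpnclientipsecpolicy)) {
    throw "Custom IPsec policy was not applied as requested; review the warnings above before distributing the client profile."
}
```

Run the check again after any later change to the gateway, since a redeploy or portal edit can alter the policy without the original session noticing.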

Next steps

For more information about P2S configurations, see About point-to-site VPN.