az network vnet-gateway ipsec-policy
Manage virtual network gateway IPSec policies.
Commands
| Command | Description |
|---|---|
| az network vnet-gateway ipsec-policy add | Add a virtual network gateway IPSec policy. |
| az network vnet-gateway ipsec-policy clear | Delete all IPsec policies on a virtual network gateway. |
| az network vnet-gateway ipsec-policy list | List IPSec policies associated with a virtual network gateway. |
az network vnet-gateway ipsec-policy add
Add a virtual network gateway IPSec policy.
Set all IPsec policies of a virtual network gateway. If you want to set any IPsec policy, you must set them all.
az network vnet-gateway ipsec-policy add --dh-group {DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, None}
                                         --gateway-name
                                         --ike-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES256}
                                         --ike-integrity {GCMAES128, GCMAES256, MD5, SHA1, SHA256, SHA384}
                                         --ipsec-encryption {AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, None}
                                         --ipsec-integrity {GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, SHA256}
                                         --pfs-group {ECP256, ECP384, None, PFS1, PFS14, PFS2, PFS2048, PFS24, PFSMM}
                                         --resource-group
                                         --sa-lifetime
                                         --sa-max-size
                                         [--no-wait]
                                         [--subscription]
Examples
Add specified IPsec policies to a gateway instead of relying on defaults.
az network vnet-gateway ipsec-policy add -g MyResourceGroup --gateway-name MyGateway \
--dh-group DHGroup14 --ike-encryption AES256 --ike-integrity SHA384 --ipsec-encryption DES3 \
--ipsec-integrity GCMAES256 --pfs-group PFS2048 --sa-lifetime 27000 --sa-max-size 102400000
Required Parameters
--dh-group: Required. The DH Group used in IKE Phase 1 for initial SA.
--gateway-name: Virtual network gateway name.
--ike-encryption: Required. The IKE encryption algorithm (IKE phase 2).
--ike-integrity: Required. The IKE integrity algorithm (IKE phase 2).
--ipsec-encryption: Required. The IPSec encryption algorithm (IKE phase 1).
--ipsec-integrity: Required. The IPSec integrity algorithm (IKE phase 1).
--pfs-group: Required. The Pfs Group used in IKE Phase 2 for new child SA.
--resource-group -g: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--sa-lifetime: Required. The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel.
--sa-max-size: Required. The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel.
Optional Parameters
--no-wait: Do not wait for the long-running operation to finish.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway ipsec-policy clear
Delete all IPsec policies on a virtual network gateway.
az network vnet-gateway ipsec-policy clear --gateway-name
                                           --resource-group
                                           [--no-wait]
                                           [--subscription]
Examples
Remove all previously specified IPsec policies from a gateway.
az network vnet-gateway ipsec-policy clear -g MyResourceGroup --gateway-name MyConnection
Required Parameters
--gateway-name: Virtual network gateway name.
--resource-group -g: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--no-wait: Do not wait for the long-running operation to finish.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
az network vnet-gateway ipsec-policy list
List IPSec policies associated with a virtual network gateway.
az network vnet-gateway ipsec-policy list --gateway-name
                                          --resource-group
                                          [--query-examples]
                                          [--subscription]
Examples
List the IPsec policies set on a gateway.
az network vnet-gateway ipsec-policy list -g MyResourceGroup --gateway-name MyConnection
Required Parameters
--gateway-name: Virtual network gateway name.
--resource-group -g: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--query-examples: Recommends JMESPath query strings. Copy one of the queries and paste it after the --query parameter, within double quotation marks, to see the results. You can add one or more positional keywords so that suggestions are based on those keywords.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--debug: Increase logging verbosity to show all debug logs.
--help -h: Show this help message and exit.
--only-show-errors: Only show errors, suppressing warnings.
--output -o: Output format.
--query: JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose: Increase logging verbosity. Use --debug for full debug logs.
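The accepted values for the add command include legacy algorithms (DES, DES3, MD5, SHA1, DHGroup1, DHGroup2, None), so the output of the list command is worth auditing. The following is an added example, not part of the Azure CLI or its documentation. It assumes the JSON output uses the camelCase field names shown (dhGroup, ikeEncryption, and so on), and the set of values it treats as weak is this example's own choice.

```python
import json

# Values flagged as weak: this example's assumption, not a list from the page.
WEAK = {
    "dhGroup": {"None", "DHGroup1", "DHGroup2"},
    "ikeEncryption": {"DES", "DES3"},
    "ikeIntegrity": {"MD5", "SHA1"},
    "ipsecEncryption": {"None", "DES", "DES3"},
    "ipsecIntegrity": {"MD5", "SHA1"},
    "pfsGroup": {"None", "PFS1", "PFS2"},
}

# Constructed sample shaped like the output of
#   az network vnet-gateway ipsec-policy list -g MyResourceGroup --gateway-name MyGateway -o json
# (field names are assumed). The first entry mirrors the page's add example.
SAMPLE_JSON = """[
  {"dhGroup": "DHGroup14", "ikeEncryption": "AES256", "ikeIntegrity": "SHA384",
   "ipsecEncryption": "DES3", "ipsecIntegrity": "GCMAES256", "pfsGroup": "PFS2048",
   "saLifeTimeSeconds": 27000, "saDataSizeKilobytes": 102400000},
  {"dhGroup": "DHGroup2", "ikeEncryption": "AES128", "ikeIntegrity": "SHA1",
   "ipsecEncryption": "AES256", "ipsecIntegrity": "SHA256", "pfsGroup": "None",
   "saLifeTimeSeconds": 3600, "saDataSizeKilobytes": 102400000},
  {"dhGroup": "ECP384", "ikeEncryption": "GCMAES256", "ikeIntegrity": "SHA384",
   "ipsecEncryption": "GCMAES256", "ipsecIntegrity": "GCMAES256", "pfsGroup": "ECP384",
   "saLifeTimeSeconds": 27000, "saDataSizeKilobytes": 102400000}
]"""


def audit_policies(policies):
    """Return (policy_index, field, value) for every weak or missing setting."""
    findings = []
    for index, policy in enumerate(policies):
        for field, weak_values in WEAK.items():
            value = policy.get(field)
            if value is None:
                # A missing field means the output shape differs from the assumption.
                findings.append((index, field, "<missing>"))
            elif value in weak_values:
                findings.append((index, field, value))
    return findings


def audit_json(text):
    """Parse the JSON text produced by the list command and audit it."""
    return audit_policies(json.loads(text))


if __name__ == "__main__":
    for index, field, value in audit_json(SAMPLE_JSON):
        print(f"policy[{index}] {field}={value}: weak or missing")
```
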