az network vpn-connection

Manage VPN connections.

For more information on site-to-site connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-cli. For more information on Vnet-to-Vnet connections, visit https://docs.microsoft.com/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli.

Commands

az network vpn-connection create

Create a VPN connection.

az network vpn-connection delete

Delete a VPN connection.

az network vpn-connection ipsec-policy

Manage VPN connection IPSec policies.

az network vpn-connection ipsec-policy add

Add a VPN connection IPSec policy.

az network vpn-connection ipsec-policy clear

Delete all IPsec policies on a VPN connection.

az network vpn-connection ipsec-policy list

List IPSec policies associated with a VPN connection.

az network vpn-connection list

List all VPN connections in a resource group.

az network vpn-connection shared-key

Manage VPN shared keys.

az network vpn-connection shared-key reset

Reset a VPN connection shared key.

az network vpn-connection shared-key show

Retrieve a VPN connection shared key.

az network vpn-connection shared-key update

Update a VPN connection shared key.

az network vpn-connection show

Get the details of a VPN connection.

az network vpn-connection update

Update a VPN connection.

az network vpn-connection create

Create a VPN connection.

The VPN Gateway and Local Network Gateway must be provisioned before creating the connection between them.

az network vpn-connection create --name
                                 --resource-group
                                 --vnet-gateway1
                                 [--authorization-key]
                                 [--enable-bgp]
                                 [--express-route-circuit2]
                                 [--express-route-gateway-bypass {false, true}]
                                 [--local-gateway2]
                                 [--location]
                                 [--routing-weight]
                                 [--shared-key]
                                 [--subscription]
                                 [--tags]
                                 [--use-policy-based-traffic-selectors {false, true}]
                                 [--validate]
                                 [--vnet-gateway2]

Examples

Create a site-to-site connection between an Azure virtual network and an on-premises local network gateway.

az network vpn-connection create -g MyResourceGroup -n MyConnection --vnet-gateway1 MyVnetGateway --local-gateway2 MyLocalGateway --shared-key Abc123

Create a VPN connection. (autogenerated)

az network vpn-connection create --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway --vnet-gateway2 /subscriptions/{subscriptionID}/resourceGroups/TestBGPRG1/providers/Microsoft.Network/virtualNetworkGateways/VNet1GW

Create a VPN connection. (autogenerated)

az network vpn-connection create --local-gateway2 MyLocalGateway --location westus2 --name MyConnection --resource-group MyResourceGroup --shared-key Abc123 --vnet-gateway1 MyVnetGateway

Required Parameters

--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--vnet-gateway1

Name or ID of the source virtual network gateway.

Optional Parameters

--authorization-key

The authorization key for the VPN connection.

--enable-bgp

Enable BGP for this VPN connection.

--express-route-circuit2

Name or ID of the destination ExpressRoute to connect to using an 'ExpressRoute' connection.

--express-route-gateway-bypass

Bypass ExpressRoute gateway for data forwarding.

accepted values: false, true
--local-gateway2

Name or ID of the destination local network gateway to connect to using an 'IPSec' connection.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--routing-weight

Connection routing weight.

default value: 10
--shared-key

Shared IPSec key.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--use-policy-based-traffic-selectors

Enable policy-based traffic selectors.

accepted values: false, true
--validate

Display and validate the ARM template but do not create any resources.

--vnet-gateway2

Name or ID of the destination virtual network gateway to connect to using a 'Vnet2Vnet' connection.

az network vpn-connection delete

Delete a VPN connection.

az network vpn-connection delete [--ids]
                                 [--name]
                                 [--resource-group]
                                 [--subscription]

Examples

Delete a VPN connection.

az network vpn-connection delete -g MyResourceGroup -n MyConnection

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network vpn-connection list

List all VPN connections in a resource group.

az network vpn-connection list --resource-group
                               [--query-examples]
                               [--subscription]

Examples

List all VPN connections in a resource group.

az network vpn-connection list -g MyResourceGroup

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network vpn-connection show

Get the details of a VPN connection.

az network vpn-connection show [--ids]
                               [--name]
                               [--query-examples]
                               [--resource-group]
                               [--subscription]

Examples

View the details of a VPN connection.

az network vpn-connection show -g MyResourceGroup -n MyConnection

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network vpn-connection update

Update a VPN connection.

az network vpn-connection update [--add]
                                 [--enable-bgp {false, true}]
                                 [--express-route-gateway-bypass {false, true}]
                                 [--force-string]
                                 [--ids]
                                 [--name]
                                 [--remove]
                                 [--resource-group]
                                 [--routing-weight]
                                 [--set]
                                 [--shared-key]
                                 [--subscription]
                                 [--tags]
                                 [--use-policy-based-traffic-selectors {false, true}]

Examples

Add BGP to an existing connection.

az network vpn-connection update -g MyResourceGroup -n MyConnection --enable-bgp True

Update a VPN connection. (autogenerated)

az network vpn-connection update --name MyConnection --resource-group MyResourceGroup --use-policy-based-traffic-selectors true

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--enable-bgp

Enable BGP (Border Gateway Protocol).

accepted values: false, true
--express-route-gateway-bypass

Bypass ExpressRoute gateway for data forwarding.

accepted values: false, true
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Connection name.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--routing-weight

Connection routing weight.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--shared-key

Shared IPSec key.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--use-policy-based-traffic-selectors

Enable policy-based traffic selectors.

accepted values: false, true