Create a VPN Gateway and add a Site-to-Site connection using PowerShell

This script creates a route-based VPN Gateway and adds a Site-to-Site configuration. To create the connection, you also need to configure your VPN device. For more information, see About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.

# Declare variables
  $VNetName  = "VNet1"
  $RG = "TestRG1"
  $Location = "China North"
  $FESubName = "FrontEnd"
  $BESubName = "BackEnd"
  $GWSubName = "GatewaySubnet"
  $VNetPrefix1 = "10.1.0.0/16"
  $FESubPrefix = "10.1.0.0/24"
  $BESubPrefix = "10.1.1.0/24"
  $GWSubPrefix = "10.1.255.0/27"
  $VPNClientAddressPool = "192.168.0.0/24"
  $GWName = "VNet1GW"
  $GWIPName = "VNet1GWIP"
  $GWIPconfName = "gwipconf"
  $LNGName = "Site1"
# Create a resource group
New-AzResourceGroup -Name $RG -Location $Location
# Create a virtual network
$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName $RG `
  -Location $Location `
  -Name $VNetName `
  -AddressPrefix $VNetPrefix1
# Create a subnet configuration
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name $FESubName `
  -AddressPrefix $FESubPrefix `
  -VirtualNetwork $virtualNetwork
# Set the subnet configuration for the virtual network
$virtualNetwork | Set-AzVirtualNetwork
# Add a gateway subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName $RG -Name $VNetName
Add-AzVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix -VirtualNetwork $vnet
# Set the subnet configuration for the virtual network
$vnet | Set-AzVirtualNetwork
# Request a public IP address
$gwpip= New-AzPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location `
 -AllocationMethod Dynamic
# Create the gateway IP address configuration
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $GWSubName -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name $GWIPconfName -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
# Create the VPN gateway
New-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG `
 -Location $Location -IpConfigurations $gwipconfig -GatewayType Vpn `
 -VpnType RouteBased -GatewaySku VpnGw1
# Create the local network gateway
# -GatewayIpAddress is the public IP address of the on-premises VPN device;
# -AddressPrefix lists the on-premises address ranges routed through the tunnel.
New-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG `
 -Location $Location -GatewayIpAddress '23.99.221.164' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')
# Configure your on-premises VPN device
# Create the VPN connection
# 'abc123' is a sample shared key: replace it with a long random value and
# configure the same value on the on-premises VPN device.
$gateway1 = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
$local = Get-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG
New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName $RG `
 -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
 -ConnectionType IPsec -ConnectionProtocol IKEv2 -RoutingWeight 10 -SharedKey 'abc123'
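The final step of the script uses a short sample shared key and leaves the IPsec/IKE parameters at the gateway defaults. The following is an added example, not part of the original script, that replaces that last step with a randomly generated pre-shared key and an explicit IPsec/IKE policy. It assumes the resources created above already exist, that the on-premises VPN device supports and is configured with the same algorithms, and the specific algorithm choices shown are illustrative.

```powershell
# Added example: reuses the resource names declared in the script above.
$RG       = "TestRG1"
$Location = "China North"
$GWName   = "VNet1GW"
$LNGName  = "Site1"
$ConnName = "VNet1toSite1"

# Generate a 256-bit pre-shared key from the OS CSPRNG and hex-encode it
# (64 ASCII characters). The same value must be entered on the on-premises device.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$SharedKey = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Explicit IKE (phase 1) and IPsec (phase 2) proposal instead of the default set.
# Assumption: the on-premises device is configured with exactly these values.
# With a GCM cipher for IPsec, encryption and integrity must name the same algorithm.
$ipsecPolicy = New-AzIpsecPolicy `
  -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup ECP384 `
  -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup ECP384 `
  -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

$gateway1 = Get-AzVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG
$local    = Get-AzLocalNetworkGateway -Name $LNGName -ResourceGroupName $RG

# Create the connection with the custom policy and the generated key.
New-AzVirtualNetworkGatewayConnection -Name $ConnName -ResourceGroupName $RG `
  -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
  -ConnectionType IPsec -ConnectionProtocol IKEv2 -RoutingWeight 10 `
  -IpsecPolicies $ipsecPolicy -SharedKey $SharedKey

# Read the connection back and fail loudly if the policy was not applied,
# so a silent fallback to the default proposals is caught at deployment time.
$conn = Get-AzVirtualNetworkGatewayConnection -Name $ConnName -ResourceGroupName $RG
if (-not $conn.IpsecPolicies -or $conn.IpsecPolicies.Count -ne 1) {
    throw "Connection $ConnName has no custom IPsec/IKE policy applied."
}
$conn.IpsecPolicies | Format-List
```

The key exists only in `$SharedKey` for the lifetime of the session; transfer it to the on-premises device administrator over a protected channel rather than committing it to the script.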

Clean up resources

When you no longer need the resources you created, use the Remove-AzResourceGroup command to delete the resource group. This deletes the resource group and all of the resources it contains.

Remove-AzResourceGroup -Name TestRG1

Script explanation

This script uses the following commands to create the deployment. Each item in the table links to command-specific documentation.

| Command | Notes |
| --- | --- |
| Add-AzVirtualNetworkSubnetConfig | Adds a subnet configuration. This configuration is used with the virtual network creation process. |
| Get-AzVirtualNetwork | Gets virtual network details. |
| Get-AzVirtualNetworkGateway | Gets virtual network gateway details. |
| Get-AzLocalNetworkGateway | Gets local network gateway details. |
| Get-AzVirtualNetworkSubnetConfig | Gets the virtual network subnet configuration details. |
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzVirtualNetworkSubnetConfig | Creates a subnet configuration. This configuration is used with the virtual network creation process. |
| New-AzVirtualNetwork | Creates a virtual network. |
| New-AzPublicIpAddress | Creates a public IP address. |
| New-AzVirtualNetworkGatewayIpConfig | Creates a new gateway IP configuration. |
| New-AzVirtualNetworkGateway | Creates a VPN gateway. |
| New-AzLocalNetworkGateway | Creates a local network gateway. |
| New-AzVirtualNetworkGatewayConnection | Creates a site-to-site connection. |
| Remove-AzResourceGroup | Removes a resource group and all resources contained within. |
| Set-AzVirtualNetwork | Sets the subnet configuration for the virtual network. |
| Set-AzVirtualNetworkGateway | Sets the configuration for the VPN gateway. |

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.