Create a VPN Gateway and add a Site-to-Site connection using PowerShell

This script creates a route-based VPN gateway and adds a Site-to-Site configuration. To create the connection, you also need to configure your VPN device. For more information, see About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway connections.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

# Declare variables
  $VNetName  = "VNet1"
  $FESubName = "FrontEnd"
  $BESubName = "Backend"
  $GWSubName = "GatewaySubnet"
  $VNetPrefix1 = "10.1.0.0/16"
  $FESubPrefix = "10.1.0.0/24"
  $BESubPrefix = "10.1.1.0/24"
  $GWSubPrefix = "10.1.255.0/27"
  $VPNClientAddressPool = "192.168.0.0/24"
  $RG = "TestRG1"
  $Location = "China North"
  $GWName = "VNet1GW"
  $GWIPName = "VNet1GWIP"
  $GWIPconfName = "gwipconf"
# Create a resource group
New-AzResourceGroup -Name TestRG1 -Location ChinaNorth
# Create a virtual network
$virtualNetwork = New-AzVirtualNetwork `
  -ResourceGroupName TestRG1 `
  -Location ChinaNorth `
  -Name VNet1 `
  -AddressPrefix 10.1.0.0/16
# Create a subnet configuration
$subnetConfig = Add-AzVirtualNetworkSubnetConfig `
  -Name Frontend `
  -AddressPrefix 10.1.0.0/24 `
  -VirtualNetwork $virtualNetwork
# Set the subnet configuration for the virtual network
$virtualNetwork | Set-AzVirtualNetwork
# Add a gateway subnet
$vnet = Get-AzVirtualNetwork -ResourceGroupName TestRG1 -Name VNet1
Add-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.1.255.0/27 -VirtualNetwork $vnet
# Set the subnet configuration for the virtual network
$vnet | Set-AzVirtualNetwork
# Request a public IP address
$gwpip = New-AzPublicIpAddress -Name VNet1GWIP -ResourceGroupName TestRG1 -Location 'China North' `
 -AllocationMethod Dynamic
# Create the gateway IP address configuration
$vnet = Get-AzVirtualNetwork -Name VNet1 -ResourceGroupName TestRG1
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
# Create the VPN gateway
New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
 -Location 'China North' -IpConfigurations $gwipconfig -GatewayType Vpn `
 -VpnType RouteBased -GatewaySku VpnGw1
# Create the local network gateway
New-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1 `
 -Location 'China North' -GatewayIpAddress '23.99.221.164' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')
# Configure your on-premises VPN device
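# Create the VPN connection. The shared key must match the key configured on your
# VPN device; 'abc123' is a sample value, so replace it with a long, random key.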
$gateway1 = Get-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1
$local = Get-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1
New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1 `
 -Location 'China North' -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
 -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'
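
The connection step above, with a randomly generated pre-shared key in place of the sample value. This is an added example, not part of the original script; the `New-PreSharedKey` helper is hypothetical, and it assumes that an alphanumeric key of up to 128 characters is accepted by both Azure and your VPN device.

```powershell
# Added example: generate the pre-shared key instead of hard-coding it.
# New-PreSharedKey is a hypothetical helper, not an Az cmdlet.
function New-PreSharedKey {
    # Assumption: 16 to 128 alphanumeric characters are accepted by both ends.
    param([ValidateRange(16, 128)][int]$Length = 64)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    # Reject bytes at or above 248 so every character is equally likely.
    $limit  = 256 - (256 % $alphabet.Length)
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $chars  = New-Object System.Text.StringBuilder
    try {
        while ($chars.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$chars.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally { $rng.Dispose() }
    return $chars.ToString()
}

# The same key has to be entered on the on-premises VPN device.
$sharedKey = New-PreSharedKey -Length 64

$gateway1 = Get-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1
$local = Get-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1
New-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1 `
 -Location 'China North' -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `
 -ConnectionType IPsec -RoutingWeight 10 -SharedKey $sharedKey

# Check the tunnel state; it is not Connected until the VPN device is
# configured with the same key and the tunnel has been negotiated.
Get-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 -ResourceGroupName TestRG1 |
  Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```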

Clean up resources

When you no longer need the resources you created, use the Remove-AzResourceGroup command to delete the resource group. This deletes the resource group and all of the resources it contains.

Remove-AzResourceGroup -Name TestRG1

Script explanation

This script uses the following commands to create the deployment. Each item in the table links to command-specific documentation.

| Command | Notes |
| --- | --- |
| Add-AzVirtualNetworkSubnetConfig | Adds a subnet configuration. This configuration is used with the virtual network creation process. |
| Get-AzVirtualNetwork | Gets virtual network details. |
| Get-AzVirtualNetworkGateway | Gets virtual network gateway details. |
| Get-AzLocalNetworkGateway | Gets local network gateway details. |
| Get-AzVirtualNetworkSubnetConfig | Gets the virtual network subnet configuration details. |
| New-AzResourceGroup | Creates a resource group in which all resources are stored. |
| New-AzVirtualNetworkSubnetConfig | Creates a subnet configuration. This configuration is used with the virtual network creation process. |
| New-AzVirtualNetwork | Creates a virtual network. |
| New-AzPublicIpAddress | Creates a public IP address. |
| New-AzVirtualNetworkGatewayIpConfig | Creates a new gateway IP configuration. |
| New-AzVirtualNetworkGateway | Creates a VPN gateway. |
| New-AzLocalNetworkGateway | Creates a local network gateway. |
| New-AzVirtualNetworkGatewayConnection | Creates a site-to-site connection. |
| Remove-AzResourceGroup | Removes a resource group and all resources contained within. |
| Set-AzVirtualNetwork | Sets the subnet configuration for the virtual network. |
| Set-AzVirtualNetworkGateway | Sets the configuration for the VPN gateway. |

Next steps

For more information on the Azure PowerShell module, see Azure PowerShell documentation.