VirtualNetworkGateway

Manages a Virtual Network Gateway to establish secure, cross-premises connectivity.

Note: Please be aware that provisioning a Virtual Network Gateway takes a long time (between 30 minutes and 1 hour)

Create a VirtualNetworkGateway Resource

new VirtualNetworkGateway(name: string, args: VirtualNetworkGatewayArgs, opts?: CustomResourceOptions);

def VirtualNetworkGateway(resource_name, opts=None, active_active=None, bgp_settings=None, default_local_network_gateway_id=None, enable_bgp=None, generation=None, ip_configurations=None, location=None, name=None, resource_group_name=None, sku=None, tags=None, type=None, vpn_client_configuration=None, vpn_type=None, __props__=None);

func NewVirtualNetworkGateway(ctx *Context, name string, args VirtualNetworkGatewayArgs, opts ...ResourceOption) (*VirtualNetworkGateway, error)

public VirtualNetworkGateway(string name, VirtualNetworkGatewayArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args VirtualNetworkGatewayArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VirtualNetworkGatewayArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VirtualNetworkGatewayArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

VirtualNetworkGateway Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The VirtualNetworkGateway resource accepts the following input properties:

IpConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
ResourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
Sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
Type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
ActiveActive bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
BgpSettings VirtualNetworkGatewayBgpSettingsArgs
DefaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
EnableBgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
Generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
Location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
Name string: A user-defined name of the revoked certificate.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
VpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

IpConfigurations []VirtualNetworkGatewayIpConfiguration: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
ResourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
Sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
Type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
ActiveActive bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
BgpSettings VirtualNetworkGatewayBgpSettings
DefaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
EnableBgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
Generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
Location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
Name string: A user-defined name of the revoked certificate.
Tags map[string]string: A mapping of tags to assign to the resource.
VpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
VpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

ipConfigurations VirtualNetworkGatewayIpConfiguration[]: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
resourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
activeActive boolean: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
bgpSettings VirtualNetworkGatewayBgpSettings
defaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
enableBgp boolean: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
name string: A user-defined name of the revoked certificate.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
vpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

ip_configurations List[VirtualNetworkGatewayIpConfiguration]: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
resource_group_name str: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
sku str: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
type str: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
active_active bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
bgp_settings Dict[VirtualNetworkGatewayBgpSettings]
default_local_network_gateway_id str: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
enable_bgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
generation str: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
location str: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
name str: A user-defined name of the revoked certificate.
tags Dict[str, str]: A mapping of tags to assign to the resource.
vpn_client_configuration Dict[VirtualNetworkGatewayVpnClientConfiguration]: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
vpn_type str: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

Outputs

All input properties are implicitly available as output properties. Additionally, the VirtualNetworkGateway resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing VirtualNetworkGateway Resource

Get an existing VirtualNetworkGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VirtualNetworkGatewayState, opts?: CustomResourceOptions): VirtualNetworkGateway

static get(resource_name, id, opts=None, active_active=None, bgp_settings=None, default_local_network_gateway_id=None, enable_bgp=None, generation=None, ip_configurations=None, location=None, name=None, resource_group_name=None, sku=None, tags=None, type=None, vpn_client_configuration=None, vpn_type=None, __props__=None);

func GetVirtualNetworkGateway(ctx *Context, name string, id IDInput, state *VirtualNetworkGatewayState, opts ...ResourceOption) (*VirtualNetworkGateway, error)

public static VirtualNetworkGateway Get(string name, Input<string> id, VirtualNetworkGatewayState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ActiveActive bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
BgpSettings VirtualNetworkGatewayBgpSettingsArgs
DefaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
EnableBgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
Generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
IpConfigurations List<VirtualNetworkGatewayIpConfigurationArgs>: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
Location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
Name string: A user-defined name of the revoked certificate.
ResourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
Sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
Type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
VpnClientConfiguration VirtualNetworkGatewayVpnClientConfigurationArgs: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
VpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

ActiveActive bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
BgpSettings VirtualNetworkGatewayBgpSettings
DefaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
EnableBgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
Generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
IpConfigurations []VirtualNetworkGatewayIpConfiguration: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
Location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
Name string: A user-defined name of the revoked certificate.
ResourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
Sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
Tags map[string]string: A mapping of tags to assign to the resource.
Type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
VpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
VpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

activeActive boolean: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
bgpSettings VirtualNetworkGatewayBgpSettings
defaultLocalNetworkGatewayId string: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
enableBgp boolean: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
generation string: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
ipConfigurations VirtualNetworkGatewayIpConfiguration[]: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
location string: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
name string: A user-defined name of the revoked certificate.
resourceGroupName string: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
sku string: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
type string: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
vpnClientConfiguration VirtualNetworkGatewayVpnClientConfiguration: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
vpnType string: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

active_active bool: If true, an active-active Virtual Network Gateway will be created. An active-active gateway requires a HighPerformance or an UltraPerformance sku. If false, an active-standby gateway will be created. Defaults to false.
bgp_settings Dict[VirtualNetworkGatewayBgpSettings]
default_local_network_gateway_id str: The ID of the local network gateway through which outbound Internet traffic from the virtual network in which the gateway is created will be routed (forced tunnelling). Refer to the Azure documentation on forced tunnelling. If not specified, forced tunnelling is disabled.
enable_bgp bool: If true, BGP (Border Gateway Protocol) will be enabled for this Virtual Network Gateway. Defaults to false.
generation str: The Generation of the Virtual Network gateway. Possible values include Generation1, Generation2 or None.
ip_configurations List[VirtualNetworkGatewayIpConfiguration]: One or two ip_configuration blocks documented below. An active-standby gateway requires exactly one ip_configuration block whereas an active-active gateway requires exactly two ip_configuration blocks.
location str: The location/region where the Virtual Network Gateway is located. Changing the location/region forces a new resource to be created.
name str: A user-defined name of the revoked certificate.
resource_group_name str: The name of the resource group in which to create the Virtual Network Gateway. Changing the resource group name forces a new resource to be created.
sku str: Configuration of the size and capacity of the virtual network gateway. Valid options are Basic, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ, VpnGw1, VpnGw2, VpnGw3, VpnGw4,VpnGw5, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ,VpnGw4AZ and VpnGw5AZ and depend on the type, vpn_type and generation arguments. A PolicyBased gateway only supports the Basic sku. Further, the UltraPerformance sku is only supported by an ExpressRoute gateway.
tags Dict[str, str]: A mapping of tags to assign to the resource.
type str: The type of the Virtual Network Gateway. Valid options are Vpn or ExpressRoute. Changing the type forces a new resource to be created.
vpn_client_configuration Dict[VirtualNetworkGatewayVpnClientConfiguration]: A vpn_client_configuration block which is documented below. In this block the Virtual Network Gateway can be configured to accept IPSec point-to-site connections.
vpn_type str: The routing type of the Virtual Network Gateway. Valid options are RouteBased or PolicyBased. Defaults to RouteBased.

Supporting Types

VirtualNetworkGatewayBgpSettings

See the input and output API doc for this type.

Asn int: The Autonomous System Number (ASN) to use as part of the BGP.
PeerWeight int: The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
PeeringAddress string: The BGP peer IP address of the virtual network gateway. This address is needed to configure the created gateway as a BGP Peer on the on-premises VPN devices. The IP address must be part of the subnet of the Virtual Network Gateway. Changing this forces a new resource to be created.

Asn int: The Autonomous System Number (ASN) to use as part of the BGP.
PeerWeight int: The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
PeeringAddress string: The BGP peer IP address of the virtual network gateway. This address is needed to configure the created gateway as a BGP Peer on the on-premises VPN devices. The IP address must be part of the subnet of the Virtual Network Gateway. Changing this forces a new resource to be created.

asn number: The Autonomous System Number (ASN) to use as part of the BGP.
peerWeight number: The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
peeringAddress string: The BGP peer IP address of the virtual network gateway. This address is needed to configure the created gateway as a BGP Peer on the on-premises VPN devices. The IP address must be part of the subnet of the Virtual Network Gateway. Changing this forces a new resource to be created.

asn float: The Autonomous System Number (ASN) to use as part of the BGP.
peerWeight float: The weight added to routes which have been learned through BGP peering. Valid values can be between 0 and 100.
peeringAddress str: The BGP peer IP address of the virtual network gateway. This address is needed to configure the created gateway as a BGP Peer on the on-premises VPN devices. The IP address must be part of the subnet of the Virtual Network Gateway. Changing this forces a new resource to be created.

VirtualNetworkGatewayIpConfiguration

See the input and output API doc for this type.

PublicIpAddressId string: The ID of the public ip address to associate with the Virtual Network Gateway.
SubnetId string: The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
Name string: A user-defined name of the revoked certificate.
PrivateIpAddressAllocation string: Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

PublicIpAddressId string: The ID of the public ip address to associate with the Virtual Network Gateway.
SubnetId string: The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
Name string: A user-defined name of the revoked certificate.
PrivateIpAddressAllocation string: Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

publicIpAddressId string: The ID of the public ip address to associate with the Virtual Network Gateway.
subnetId string: The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
name string: A user-defined name of the revoked certificate.
privateIpAddressAllocation string: Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

public_ip_address_id str: The ID of the public ip address to associate with the Virtual Network Gateway.
subnet_id str: The ID of the gateway subnet of a virtual network in which the virtual network gateway will be created. It is mandatory that the associated subnet is named GatewaySubnet. Therefore, each virtual network can contain at most a single Virtual Network Gateway.
name str: A user-defined name of the revoked certificate.
privateIpAddressAllocation str: Defines how the private IP address of the gateways virtual interface is assigned. Valid options are Static or Dynamic. Defaults to Dynamic.

VirtualNetworkGatewayVpnClientConfiguration

See the input and output API doc for this type.

AddressSpaces List<string>: The address space out of which ip addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
RadiusServerAddress string: The address of the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
RadiusServerSecret string: The secret used by the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
RevokedCertificates List<VirtualNetworkGatewayVpnClientConfigurationRevokedCertificateArgs>: One or more revoked_certificate blocks which are defined below. This setting is incompatible with the use of radius_server_address and radius_server_secret.
RootCertificates List<VirtualNetworkGatewayVpnClientConfigurationRootCertificateArgs>: One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. This setting is incompatible with the use of radius_server_address and radius_server_secret.
VpnClientProtocols List<string>: List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN.

AddressSpaces []string: The address space out of which ip addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
RadiusServerAddress string: The address of the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
RadiusServerSecret string: The secret used by the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
RevokedCertificates []VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate: One or more revoked_certificate blocks which are defined below. This setting is incompatible with the use of radius_server_address and radius_server_secret.
RootCertificates []VirtualNetworkGatewayVpnClientConfigurationRootCertificate: One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. This setting is incompatible with the use of radius_server_address and radius_server_secret.
VpnClientProtocols []string: List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN.

addressSpaces string[]: The address space out of which ip addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
radiusServerAddress string: The address of the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
radiusServerSecret string: The secret used by the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
revokedCertificates VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate[]: One or more revoked_certificate blocks which are defined below. This setting is incompatible with the use of radius_server_address and radius_server_secret.
rootCertificates VirtualNetworkGatewayVpnClientConfigurationRootCertificate[]: One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. This setting is incompatible with the use of radius_server_address and radius_server_secret.
vpnClientProtocols string[]: List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN.

address_spaces List[str]: The address space out of which ip addresses for vpn clients will be taken. You can provide more than one address space, e.g. in CIDR notation.
radiusServerAddress str: The address of the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
radiusServerSecret str: The secret used by the Radius server. This setting is incompatible with the use of root_certificate and revoked_certificate.
revokedCertificates List[VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate]: One or more revoked_certificate blocks which are defined below. This setting is incompatible with the use of radius_server_address and radius_server_secret.
rootCertificates List[VirtualNetworkGatewayVpnClientConfigurationRootCertificate]: One or more root_certificate blocks which are defined below. These root certificates are used to sign the client certificate used by the VPN clients to connect to the gateway. This setting is incompatible with the use of radius_server_address and radius_server_secret.
vpnClientProtocols List[str]: List of the protocols supported by the vpn client. The supported values are SSTP, IkeV2 and OpenVPN.

VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate

See the input and output API doc for this type.

Name string: A user-defined name of the revoked certificate.
Thumbprint string

Name string: A user-defined name of the revoked certificate.
Thumbprint string

name string: A user-defined name of the revoked certificate.
thumbprint string

name str: A user-defined name of the revoked certificate.
thumbprint str

VirtualNetworkGatewayVpnClientConfigurationRootCertificate

See the input and output API doc for this type.

Name string: A user-defined name of the revoked certificate.
PublicCertData string: The SHA1 thumbprint of the certificate to be revoked.

Name string: A user-defined name of the revoked certificate.
PublicCertData string: The SHA1 thumbprint of the certificate to be revoked.

name string: A user-defined name of the revoked certificate.
publicCertData string: The SHA1 thumbprint of the certificate to be revoked.

name str: A user-defined name of the revoked certificate.
publicCertData str: The SHA1 thumbprint of the certificate to be revoked.

Package Details

Repository: https://github.com/pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

VirtualNetworkGateway

Create a VirtualNetworkGateway Resource

VirtualNetworkGateway Resource Properties

Inputs

Outputs

Look up an Existing VirtualNetworkGateway Resource

Supporting Types

VirtualNetworkGatewayBgpSettings

VirtualNetworkGatewayIpConfiguration

VirtualNetworkGatewayVpnClientConfiguration

VirtualNetworkGatewayVpnClientConfigurationRevokedCertificate

VirtualNetworkGatewayVpnClientConfigurationRootCertificate

Package Details

On This Page