Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The connections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/connections@2017-03-30' = {
  scope: resourceSymbolicName or scope
  etag: 'string'
  ___location: 'string'
  name: 'string'
  properties: {
    authorizationKey: 'string'
    connectionType: 'string'
    enableBgp: bool
    ipsecPolicies: [
      {
        dhGroup: 'string'
        ikeEncryption: 'string'
        ikeIntegrity: 'string'
        ipsecEncryption: 'string'
        ipsecIntegrity: 'string'
        pfsGroup: 'string'
        saDataSizeKilobytes: int
        saLifeTimeSeconds: int
      }
    ]
    localNetworkGateway2: {
      etag: 'string'
      id: 'string'
      ___location: 'string'
      properties: {
        bgpSettings: {
          asn: int
          bgpPeeringAddress: 'string'
          peerWeight: int
        }
        gatewayIpAddress: 'string'
        localNetworkAddressSpace: {
          addressPrefixes: [
            'string'
          ]
        }
        resourceGuid: 'string'
      }
      tags: {
        {customized property}: 'string'
      }
    }
    peer: {
      id: 'string'
    }
    resourceGuid: 'string'
    routingWeight: int
    sharedKey: 'string'
    usePolicyBasedTrafficSelectors: bool
    virtualNetworkGateway1: {
      etag: 'string'
      id: 'string'
      ___location: 'string'
      properties: {
        activeActive: bool
        bgpSettings: {
          asn: int
          bgpPeeringAddress: 'string'
          peerWeight: int
        }
        enableBgp: bool
        gatewayDefaultSite: {
          id: 'string'
        }
        gatewayType: 'string'
        ipConfigurations: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              privateIPAllocationMethod: 'string'
              publicIPAddress: {
                id: 'string'
              }
              subnet: {
                id: 'string'
              }
            }
          }
        ]
        resourceGuid: 'string'
        sku: {
          capacity: int
          name: 'string'
          tier: 'string'
        }
        vpnClientConfiguration: {
          vpnClientAddressPool: {
            addressPrefixes: [
              'string'
            ]
          }
          vpnClientRevokedCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                thumbprint: 'string'
              }
            }
          ]
          vpnClientRootCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                publicCertData: 'string'
              }
            }
          ]
        }
        vpnType: 'string'
      }
      tags: {
        {customized property}: 'string'
      }
    }
    virtualNetworkGateway2: {
      etag: 'string'
      id: 'string'
      ___location: 'string'
      properties: {
        activeActive: bool
        bgpSettings: {
          asn: int
          bgpPeeringAddress: 'string'
          peerWeight: int
        }
        enableBgp: bool
        gatewayDefaultSite: {
          id: 'string'
        }
        gatewayType: 'string'
        ipConfigurations: [
          {
            etag: 'string'
            id: 'string'
            name: 'string'
            properties: {
              privateIPAllocationMethod: 'string'
              publicIPAddress: {
                id: 'string'
              }
              subnet: {
                id: 'string'
              }
            }
          }
        ]
        resourceGuid: 'string'
        sku: {
          capacity: int
          name: 'string'
          tier: 'string'
        }
        vpnClientConfiguration: {
          vpnClientAddressPool: {
            addressPrefixes: [
              'string'
            ]
          }
          vpnClientRevokedCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                thumbprint: 'string'
              }
            }
          ]
          vpnClientRootCertificates: [
            {
              etag: 'string'
              id: 'string'
              name: 'string'
              properties: {
                publicCertData: 'string'
              }
            }
          ]
        }
        vpnType: 'string'
      }
      tags: {
        {customized property}: 'string'
      }
    }
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Network/connections
| Name | Description | Value | 
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | VirtualNetworkGatewayConnection properties | VirtualNetworkGatewayConnectionPropertiesFormat (required) | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
AddressSpace
| Name | Description | Value | 
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
|---|---|---|
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
IpsecPolicy
| Name | Description | Value | 
|---|---|---|
| dhGroup | The DH Groups used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) | 
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' (required) | 
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) | 
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) | 
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) | 
| pfsGroup | The DH Groups used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS2' 'PFS2048' 'PFS24' (required) | 
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) | 
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) | 
LocalNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | LocalNetworkGateway properties | LocalNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
LocalNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings | 
| gatewayIpAddress | IP address of local network gateway. | string | 
| localNetworkAddressSpace | Local network site address space. | AddressSpace | 
| resourceGuid | The resource GUID property of the LocalNetworkGateway resource. | string | 
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
SubResource
| Name | Description | Value | 
|---|---|---|
| id | Resource ID. | string | 
VirtualNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | VirtualNetworkGateway properties | VirtualNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
VirtualNetworkGatewayConnectionPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| authorizationKey | The authorizationKey. | string | 
| connectionType | Gateway connection type. Possible values are: 'IPsec','Vnet2Vnet','ExpressRoute', and 'VPNClient. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) | 
| enableBgp | EnableBgp flag | bool | 
| ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] | 
| localNetworkGateway2 | A common class for general resource information | LocalNetworkGateway | 
| peer | The reference to peerings resource. | SubResource | 
| resourceGuid | The resource GUID property of the VirtualNetworkGatewayConnection resource. | string | 
| routingWeight | The routing weight. | int | 
| sharedKey | The IPSec shared key. | string | 
| usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool | 
| virtualNetworkGateway1 | A common class for general resource information | VirtualNetworkGateway (required) | 
| virtualNetworkGateway2 | A common class for general resource information | VirtualNetworkGateway | 
VirtualNetworkGatewayIPConfiguration
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of VirtualNetworkGatewayIPConfiguration | VirtualNetworkGatewayIPConfigurationPropertiesFormat | 
VirtualNetworkGatewayIPConfigurationPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| privateIPAllocationMethod | The private IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' | 
| publicIPAddress | The reference of the public IP resource. | SubResource | 
| subnet | The reference of the subnet resource. | SubResource | 
VirtualNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| activeActive | ActiveActive flag | bool | 
| bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings | 
| enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool | 
| gatewayDefaultSite | The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource | 
| gatewayType | The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'. | 'ExpressRoute' 'Vpn' | 
| ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] | 
| resourceGuid | The resource GUID property of the VirtualNetworkGateway resource. | string | 
| sku | The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku | 
| vpnClientConfiguration | The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration | 
| vpnType | The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'. | 'PolicyBased' 'RouteBased' | 
VirtualNetworkGatewaySku
| Name | Description | Value | 
|---|---|---|
| capacity | The capacity. | int | 
| name | Gateway SKU name. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
| tier | Gateway SKU tier. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
VpnClientConfiguration
| Name | Description | Value | 
|---|---|---|
| vpnClientAddressPool | The reference of the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
| vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] | 
| vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] | 
VpnClientRevokedCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the revoked VPN client certificate of virtual network gateway. | VpnClientRevokedCertificatePropertiesFormat | 
VpnClientRevokedCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| thumbprint | The revoked VPN client certificate thumbprint. | string | 
VpnClientRootCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of SSL certificates of application gateway | VpnClientRootCertificatePropertiesFormat (required) | 
VpnClientRootCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| publicCertData | The certificate public data. | string (required) | 
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| Virtual Network Gateway Connection | AVM Resource Module for Virtual Network Gateway Connection | 
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| Create a BGP VNET to VNET connection | This template allows you to connect two VNETs using Virtual Network Gateways and BGP | 
| Site-to-Site VPN with active-active VPN Gateways with BGP | This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. | 
ARM template resource definition
The connections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/connections",
  "apiVersion": "2017-03-30",
  "name": "string",
  "etag": "string",
  "___location": "string",
  "properties": {
    "authorizationKey": "string",
    "connectionType": "string",
    "enableBgp": "bool",
    "ipsecPolicies": [
      {
        "dhGroup": "string",
        "ikeEncryption": "string",
        "ikeIntegrity": "string",
        "ipsecEncryption": "string",
        "ipsecIntegrity": "string",
        "pfsGroup": "string",
        "saDataSizeKilobytes": "int",
        "saLifeTimeSeconds": "int"
      }
    ],
    "localNetworkGateway2": {
      "etag": "string",
      "id": "string",
      "___location": "string",
      "properties": {
        "bgpSettings": {
          "asn": "int",
          "bgpPeeringAddress": "string",
          "peerWeight": "int"
        },
        "gatewayIpAddress": "string",
        "localNetworkAddressSpace": {
          "addressPrefixes": [ "string" ]
        },
        "resourceGuid": "string"
      },
      "tags": {
        "{customized property}": "string"
      }
    },
    "peer": {
      "id": "string"
    },
    "resourceGuid": "string",
    "routingWeight": "int",
    "sharedKey": "string",
    "usePolicyBasedTrafficSelectors": "bool",
    "virtualNetworkGateway1": {
      "etag": "string",
      "id": "string",
      "___location": "string",
      "properties": {
        "activeActive": "bool",
        "bgpSettings": {
          "asn": "int",
          "bgpPeeringAddress": "string",
          "peerWeight": "int"
        },
        "enableBgp": "bool",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "gatewayType": "string",
        "ipConfigurations": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "publicIPAddress": {
                "id": "string"
              },
              "subnet": {
                "id": "string"
              }
            }
          }
        ],
        "resourceGuid": "string",
        "sku": {
          "capacity": "int",
          "name": "string",
          "tier": "string"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [ "string" ]
          },
          "vpnClientRevokedCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "thumbprint": "string"
              }
            }
          ],
          "vpnClientRootCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "publicCertData": "string"
              }
            }
          ]
        },
        "vpnType": "string"
      },
      "tags": {
        "{customized property}": "string"
      }
    },
    "virtualNetworkGateway2": {
      "etag": "string",
      "id": "string",
      "___location": "string",
      "properties": {
        "activeActive": "bool",
        "bgpSettings": {
          "asn": "int",
          "bgpPeeringAddress": "string",
          "peerWeight": "int"
        },
        "enableBgp": "bool",
        "gatewayDefaultSite": {
          "id": "string"
        },
        "gatewayType": "string",
        "ipConfigurations": [
          {
            "etag": "string",
            "id": "string",
            "name": "string",
            "properties": {
              "privateIPAllocationMethod": "string",
              "publicIPAddress": {
                "id": "string"
              },
              "subnet": {
                "id": "string"
              }
            }
          }
        ],
        "resourceGuid": "string",
        "sku": {
          "capacity": "int",
          "name": "string",
          "tier": "string"
        },
        "vpnClientConfiguration": {
          "vpnClientAddressPool": {
            "addressPrefixes": [ "string" ]
          },
          "vpnClientRevokedCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "thumbprint": "string"
              }
            }
          ],
          "vpnClientRootCertificates": [
            {
              "etag": "string",
              "id": "string",
              "name": "string",
              "properties": {
                "publicCertData": "string"
              }
            }
          ]
        },
        "vpnType": "string"
      },
      "tags": {
        "{customized property}": "string"
      }
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Network/connections
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2017-03-30' | 
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | VirtualNetworkGatewayConnection properties | VirtualNetworkGatewayConnectionPropertiesFormat (required) | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Network/connections' | 
AddressSpace
| Name | Description | Value | 
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
|---|---|---|
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
IpsecPolicy
| Name | Description | Value | 
|---|---|---|
| dhGroup | The DH Groups used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) | 
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' (required) | 
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) | 
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) | 
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) | 
| pfsGroup | The DH Groups used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS2' 'PFS2048' 'PFS24' (required) | 
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) | 
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) | 
LocalNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | LocalNetworkGateway properties | LocalNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
LocalNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings | 
| gatewayIpAddress | IP address of local network gateway. | string | 
| localNetworkAddressSpace | Local network site address space. | AddressSpace | 
| resourceGuid | The resource GUID property of the LocalNetworkGateway resource. | string | 
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
SubResource
| Name | Description | Value | 
|---|---|---|
| id | Resource ID. | string | 
VirtualNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | VirtualNetworkGateway properties | VirtualNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
VirtualNetworkGatewayConnectionPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| authorizationKey | The authorizationKey. | string | 
| connectionType | Gateway connection type. Possible values are: 'IPsec','Vnet2Vnet','ExpressRoute', and 'VPNClient. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) | 
| enableBgp | EnableBgp flag | bool | 
| ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] | 
| localNetworkGateway2 | A common class for general resource information | LocalNetworkGateway | 
| peer | The reference to peerings resource. | SubResource | 
| resourceGuid | The resource GUID property of the VirtualNetworkGatewayConnection resource. | string | 
| routingWeight | The routing weight. | int | 
| sharedKey | The IPSec shared key. | string | 
| usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool | 
| virtualNetworkGateway1 | A common class for general resource information | VirtualNetworkGateway (required) | 
| virtualNetworkGateway2 | A common class for general resource information | VirtualNetworkGateway | 
VirtualNetworkGatewayIPConfiguration
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of VirtualNetworkGatewayIPConfiguration | VirtualNetworkGatewayIPConfigurationPropertiesFormat | 
VirtualNetworkGatewayIPConfigurationPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| privateIPAllocationMethod | The private IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' | 
| publicIPAddress | The reference of the public IP resource. | SubResource | 
| subnet | The reference of the subnet resource. | SubResource | 
VirtualNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| activeActive | ActiveActive flag | bool | 
| bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings | 
| enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool | 
| gatewayDefaultSite | The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource | 
| gatewayType | The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'. | 'ExpressRoute' 'Vpn' | 
| ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] | 
| resourceGuid | The resource GUID property of the VirtualNetworkGateway resource. | string | 
| sku | The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku | 
| vpnClientConfiguration | The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration | 
| vpnType | The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'. | 'PolicyBased' 'RouteBased' | 
VirtualNetworkGatewaySku
| Name | Description | Value | 
|---|---|---|
| capacity | The capacity. | int | 
| name | Gateway SKU name. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
| tier | Gateway SKU tier. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
VpnClientConfiguration
| Name | Description | Value | 
|---|---|---|
| vpnClientAddressPool | The reference of the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
| vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] | 
| vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] | 
VpnClientRevokedCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the revoked VPN client certificate of virtual network gateway. | VpnClientRevokedCertificatePropertiesFormat | 
VpnClientRevokedCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| thumbprint | The revoked VPN client certificate thumbprint. | string | 
VpnClientRootCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of SSL certificates of application gateway | VpnClientRootCertificatePropertiesFormat (required) | 
VpnClientRootCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| publicCertData | The certificate public data. | string (required) | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| Connect an ExpressRoute circuit to a VNET | This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured. | 
| Create a BGP VNET to VNET connection | This template allows you to connect two VNETs using Virtual Network Gateways and BGP | 
| Create a Site-to-Site VPN Connection | This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways | 
| Create a Site-to-Site VPN Connection with VM | This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways | 
| Create a VNET to VNET connection across two regions | This template allows you to connect two VNETs in different regions using Virtual Network Gateways | 
| Create three vNets to demonstrate transitive BGP connections | This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections | 
| Deploy HBase geo replication | This template allows you to configure an Azure environment for HBase replication across two different regions with VPN vnet-to-vnet connection. | 
| Extend an existing Azure VNET to a Multi-VNET Configuration | This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways | 
| Site-to-Site VPN with active-active VPN Gateways with BGP | This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. | 
| VPN Custom IPSec Policy | This custom IPSec Policy allows more granular configuration of the IKE Parameters. This allows you to deploy a site-to-site VPN Policy to support specific settings on your VPN Endpoit Device. | 
Terraform (AzAPI provider) resource definition
The connections resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/connections resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/connections@2017-03-30"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    etag = "string"
    properties = {
      authorizationKey = "string"
      connectionType = "string"
      enableBgp = bool
      ipsecPolicies = [
        {
          dhGroup = "string"
          ikeEncryption = "string"
          ikeIntegrity = "string"
          ipsecEncryption = "string"
          ipsecIntegrity = "string"
          pfsGroup = "string"
          saDataSizeKilobytes = int
          saLifeTimeSeconds = int
        }
      ]
      localNetworkGateway2 = {
        etag = "string"
        id = "string"
        ___location = "string"
        properties = {
          bgpSettings = {
            asn = int
            bgpPeeringAddress = "string"
            peerWeight = int
          }
          gatewayIpAddress = "string"
          localNetworkAddressSpace = {
            addressPrefixes = [
              "string"
            ]
          }
          resourceGuid = "string"
        }
        tags = {
          {customized property} = "string"
        }
      }
      peer = {
        id = "string"
      }
      resourceGuid = "string"
      routingWeight = int
      sharedKey = "string"
      usePolicyBasedTrafficSelectors = bool
      virtualNetworkGateway1 = {
        etag = "string"
        id = "string"
        ___location = "string"
        properties = {
          activeActive = bool
          bgpSettings = {
            asn = int
            bgpPeeringAddress = "string"
            peerWeight = int
          }
          enableBgp = bool
          gatewayDefaultSite = {
            id = "string"
          }
          gatewayType = "string"
          ipConfigurations = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                privateIPAllocationMethod = "string"
                publicIPAddress = {
                  id = "string"
                }
                subnet = {
                  id = "string"
                }
              }
            }
          ]
          resourceGuid = "string"
          sku = {
            capacity = int
            name = "string"
            tier = "string"
          }
          vpnClientConfiguration = {
            vpnClientAddressPool = {
              addressPrefixes = [
                "string"
              ]
            }
            vpnClientRevokedCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  thumbprint = "string"
                }
              }
            ]
            vpnClientRootCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  publicCertData = "string"
                }
              }
            ]
          }
          vpnType = "string"
        }
        tags = {
          {customized property} = "string"
        }
      }
      virtualNetworkGateway2 = {
        etag = "string"
        id = "string"
        ___location = "string"
        properties = {
          activeActive = bool
          bgpSettings = {
            asn = int
            bgpPeeringAddress = "string"
            peerWeight = int
          }
          enableBgp = bool
          gatewayDefaultSite = {
            id = "string"
          }
          gatewayType = "string"
          ipConfigurations = [
            {
              etag = "string"
              id = "string"
              name = "string"
              properties = {
                privateIPAllocationMethod = "string"
                publicIPAddress = {
                  id = "string"
                }
                subnet = {
                  id = "string"
                }
              }
            }
          ]
          resourceGuid = "string"
          sku = {
            capacity = int
            name = "string"
            tier = "string"
          }
          vpnClientConfiguration = {
            vpnClientAddressPool = {
              addressPrefixes = [
                "string"
              ]
            }
            vpnClientRevokedCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  thumbprint = "string"
                }
              }
            ]
            vpnClientRootCertificates = [
              {
                etag = "string"
                id = "string"
                name = "string"
                properties = {
                  publicCertData = "string"
                }
              }
            ]
          }
          vpnType = "string"
        }
        tags = {
          {customized property} = "string"
        }
      }
    }
  }
}
Property Values
Microsoft.Network/connections
| Name | Description | Value | 
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| properties | VirtualNetworkGatewayConnection properties | VirtualNetworkGatewayConnectionPropertiesFormat (required) | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Network/connections@2017-03-30" | 
AddressSpace
| Name | Description | Value | 
|---|---|---|
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
|---|---|---|
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
IpsecPolicy
| Name | Description | Value | 
|---|---|---|
| dhGroup | The DH Groups used in IKE Phase 1 for initial SA. | 'DHGroup1' 'DHGroup14' 'DHGroup2' 'DHGroup2048' 'DHGroup24' 'ECP256' 'ECP384' 'None' (required) | 
| ikeEncryption | The IKE encryption algorithm (IKE phase 2). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' (required) | 
| ikeIntegrity | The IKE integrity algorithm (IKE phase 2). | 'MD5' 'SHA1' 'SHA256' 'SHA384' (required) | 
| ipsecEncryption | The IPSec encryption algorithm (IKE phase 1). | 'AES128' 'AES192' 'AES256' 'DES' 'DES3' 'GCMAES128' 'GCMAES192' 'GCMAES256' 'None' (required) | 
| ipsecIntegrity | The IPSec integrity algorithm (IKE phase 1). | 'GCMAES128' 'GCMAES192' 'GCMAES256' 'MD5' 'SHA1' 'SHA256' (required) | 
| pfsGroup | The DH Groups used in IKE Phase 2 for new child SA. | 'ECP256' 'ECP384' 'None' 'PFS1' 'PFS2' 'PFS2048' 'PFS24' (required) | 
| saDataSizeKilobytes | The IPSec Security Association (also called Quick Mode or Phase 2 SA) payload size in KB for a site to site VPN tunnel. | int (required) | 
| saLifeTimeSeconds | The IPSec Security Association (also called Quick Mode or Phase 2 SA) lifetime in seconds for a site to site VPN tunnel. | int (required) | 
LocalNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | LocalNetworkGateway properties | LocalNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
LocalNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| bgpSettings | Local network gateway's BGP speaker settings. | BgpSettings | 
| gatewayIpAddress | IP address of local network gateway. | string | 
| localNetworkAddressSpace | Local network site address space. | AddressSpace | 
| resourceGuid | The resource GUID property of the LocalNetworkGateway resource. | string | 
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
ResourceTags
| Name | Description | Value | 
|---|
SubResource
| Name | Description | Value | 
|---|---|---|
| id | Resource ID. | string | 
VirtualNetworkGateway
| Name | Description | Value | 
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| ___location | Resource ___location. | string | 
| properties | VirtualNetworkGateway properties | VirtualNetworkGatewayPropertiesFormat (required) | 
| tags | Resource tags. | ResourceTags | 
VirtualNetworkGatewayConnectionPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| authorizationKey | The authorizationKey. | string | 
| connectionType | Gateway connection type. Possible values are: 'IPsec','Vnet2Vnet','ExpressRoute', and 'VPNClient. | 'ExpressRoute' 'IPsec' 'Vnet2Vnet' 'VPNClient' (required) | 
| enableBgp | EnableBgp flag | bool | 
| ipsecPolicies | The IPSec Policies to be considered by this connection. | IpsecPolicy[] | 
| localNetworkGateway2 | A common class for general resource information | LocalNetworkGateway | 
| peer | The reference to peerings resource. | SubResource | 
| resourceGuid | The resource GUID property of the VirtualNetworkGatewayConnection resource. | string | 
| routingWeight | The routing weight. | int | 
| sharedKey | The IPSec shared key. | string | 
| usePolicyBasedTrafficSelectors | Enable policy-based traffic selectors. | bool | 
| virtualNetworkGateway1 | A common class for general resource information | VirtualNetworkGateway (required) | 
| virtualNetworkGateway2 | A common class for general resource information | VirtualNetworkGateway | 
VirtualNetworkGatewayIPConfiguration
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of VirtualNetworkGatewayIPConfiguration | VirtualNetworkGatewayIPConfigurationPropertiesFormat | 
VirtualNetworkGatewayIPConfigurationPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| privateIPAllocationMethod | The private IP allocation method. Possible values are: 'Static' and 'Dynamic'. | 'Dynamic' 'Static' | 
| publicIPAddress | The reference of the public IP resource. | SubResource | 
| subnet | The reference of the subnet resource. | SubResource | 
VirtualNetworkGatewayPropertiesFormat
| Name | Description | Value | 
|---|---|---|
| activeActive | ActiveActive flag | bool | 
| bgpSettings | Virtual network gateway's BGP speaker settings. | BgpSettings | 
| enableBgp | Whether BGP is enabled for this virtual network gateway or not. | bool | 
| gatewayDefaultSite | The reference of the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. | SubResource | 
| gatewayType | The type of this virtual network gateway. Possible values are: 'Vpn' and 'ExpressRoute'. | 'ExpressRoute' 'Vpn' | 
| ipConfigurations | IP configurations for virtual network gateway. | VirtualNetworkGatewayIPConfiguration[] | 
| resourceGuid | The resource GUID property of the VirtualNetworkGateway resource. | string | 
| sku | The reference of the VirtualNetworkGatewaySku resource which represents the SKU selected for Virtual network gateway. | VirtualNetworkGatewaySku | 
| vpnClientConfiguration | The reference of the VpnClientConfiguration resource which represents the P2S VpnClient configurations. | VpnClientConfiguration | 
| vpnType | The type of this virtual network gateway. Possible values are: 'PolicyBased' and 'RouteBased'. | 'PolicyBased' 'RouteBased' | 
VirtualNetworkGatewaySku
| Name | Description | Value | 
|---|---|---|
| capacity | The capacity. | int | 
| name | Gateway SKU name. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
| tier | Gateway SKU tier. | 'Basic' 'HighPerformance' 'Standard' 'UltraPerformance' 'VpnGw1' 'VpnGw2' 'VpnGw3' | 
VpnClientConfiguration
| Name | Description | Value | 
|---|---|---|
| vpnClientAddressPool | The reference of the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
| vpnClientRevokedCertificates | VpnClientRevokedCertificate for Virtual network gateway. | VpnClientRevokedCertificate[] | 
| vpnClientRootCertificates | VpnClientRootCertificate for virtual network gateway. | VpnClientRootCertificate[] | 
VpnClientRevokedCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the revoked VPN client certificate of virtual network gateway. | VpnClientRevokedCertificatePropertiesFormat | 
VpnClientRevokedCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| thumbprint | The revoked VPN client certificate thumbprint. | string | 
VpnClientRootCertificate
| Name | Description | Value | 
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated. | string | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of SSL certificates of application gateway | VpnClientRootCertificatePropertiesFormat (required) | 
VpnClientRootCertificatePropertiesFormat
| Name | Description | Value | 
|---|---|---|
| publicCertData | The certificate public data. | string (required) | 
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| Virtual Network Gateway Connection | AVM Resource Module for Virtual Network Gateway Connection |