Bicep resource definition
The vpnSites resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/vpnSites resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/vpnSites@2023-05-01' = {
  scope: resourceSymbolicName or scope
  ___location: 'string'
  name: 'string'
  properties: {
    addressSpace: {
      addressPrefixes: [
        'string'
      ]
    }
    bgpProperties: {
      asn: int
      bgpPeeringAddress: 'string'
      bgpPeeringAddresses: [
        {
          customBgpIpAddresses: [
            'string'
          ]
          ipconfigurationId: 'string'
        }
      ]
      peerWeight: int
    }
    deviceProperties: {
      deviceModel: 'string'
      deviceVendor: 'string'
      linkSpeedInMbps: int
    }
    ipAddress: 'string'
    isSecuritySite: bool
    o365Policy: {
      breakOutCategories: {
        allow: bool
        default: bool
        optimize: bool
      }
    }
    siteKey: 'string'
    virtualWan: {
      id: 'string'
    }
    vpnSiteLinks: [
      {
        id: 'string'
        name: 'string'
        properties: {
          bgpProperties: {
            asn: int
            bgpPeeringAddress: 'string'
          }
          fqdn: 'string'
          ipAddress: 'string'
          linkProperties: {
            linkProviderName: 'string'
            linkSpeedInMbps: int
          }
        }
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Network/vpnSites
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | Properties of the VPN site. | VpnSiteProperties | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int 
 Constraints:
 Min value = 0
 Max value = 4294967295
 | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
DeviceProperties
| Name | Description | Value | 
| deviceModel | Model of the device. | string | 
| deviceVendor | Name of the device Vendor. | string | 
| linkSpeedInMbps | Link speed. | int | 
IPConfigurationBgpPeeringAddress
| Name | Description | Value | 
| customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] | 
| ipconfigurationId | The ID of IP configuration which belongs to gateway. | string | 
O365BreakOutCategoryPolicies
| Name | Description | Value | 
| allow | Flag to control allow category. | bool | 
| default | Flag to control default category. | bool | 
| optimize | Flag to control optimize category. | bool | 
O365PolicyProperties
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VpnLinkBgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
VpnLinkProviderProperties
| Name | Description | Value | 
| linkProviderName | Name of the link provider. | string | 
| linkSpeedInMbps | Link speed. | int | 
VpnSiteLink
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the VPN site link. | VpnSiteLinkProperties | 
VpnSiteLinkProperties
| Name | Description | Value | 
| bgpProperties | The set of bgp properties. | VpnLinkBgpSettings | 
| fqdn | FQDN of vpn-site-link. | string | 
| ipAddress | The ip-address for the vpn-site-link. | string | 
| linkProperties | The link provider properties. | VpnLinkProviderProperties | 
VpnSiteProperties
| Name | Description | Value | 
| addressSpace | The AddressSpace that contains an array of IP address ranges. | AddressSpace | 
| bgpProperties | The set of bgp properties. | BgpSettings | 
| deviceProperties | The device properties. | DeviceProperties | 
| ipAddress | The ip-address for the vpn-site. | string | 
| isSecuritySite | IsSecuritySite flag. | bool | 
| o365Policy | Office365 Policy. | O365PolicyProperties | 
| siteKey | The key for vpn-site that can be used for connections. | string | 
| virtualWan | The VirtualWAN to which the vpnSite belongs. | SubResource | 
| vpnSiteLinks | List of all vpn site links. | VpnSiteLink[] | 
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
| VPN Site | AVM Resource Module for VPN Site | 
 
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
| Creates Virtual WAN resources | This template allows you to create virtual WAN resources including Virtual WAN, Virtual Hub, VPN Gateway, VPN Site and a VPN Connecton. | 
 
 
ARM template resource definition
The vpnSites resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/vpnSites resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/vpnSites",
  "apiVersion": "2023-05-01",
  "name": "string",
  "___location": "string",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [ "string" ]
    },
    "bgpProperties": {
      "asn": "int",
      "bgpPeeringAddress": "string",
      "bgpPeeringAddresses": [
        {
          "customBgpIpAddresses": [ "string" ],
          "ipconfigurationId": "string"
        }
      ],
      "peerWeight": "int"
    },
    "deviceProperties": {
      "deviceModel": "string",
      "deviceVendor": "string",
      "linkSpeedInMbps": "int"
    },
    "ipAddress": "string",
    "isSecuritySite": "bool",
    "o365Policy": {
      "breakOutCategories": {
        "allow": "bool",
        "default": "bool",
        "optimize": "bool"
      }
    },
    "siteKey": "string",
    "virtualWan": {
      "id": "string"
    },
    "vpnSiteLinks": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "bgpProperties": {
            "asn": "int",
            "bgpPeeringAddress": "string"
          },
          "fqdn": "string",
          "ipAddress": "string",
          "linkProperties": {
            "linkProviderName": "string",
            "linkSpeedInMbps": "int"
          }
        }
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Network/vpnSites
| Name | Description | Value | 
| apiVersion | The api version | '2023-05-01' | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | Properties of the VPN site. | VpnSiteProperties | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Network/vpnSites' | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int 
 Constraints:
 Min value = 0
 Max value = 4294967295
 | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
DeviceProperties
| Name | Description | Value | 
| deviceModel | Model of the device. | string | 
| deviceVendor | Name of the device Vendor. | string | 
| linkSpeedInMbps | Link speed. | int | 
IPConfigurationBgpPeeringAddress
| Name | Description | Value | 
| customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] | 
| ipconfigurationId | The ID of IP configuration which belongs to gateway. | string | 
O365BreakOutCategoryPolicies
| Name | Description | Value | 
| allow | Flag to control allow category. | bool | 
| default | Flag to control default category. | bool | 
| optimize | Flag to control optimize category. | bool | 
O365PolicyProperties
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VpnLinkBgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
VpnLinkProviderProperties
| Name | Description | Value | 
| linkProviderName | Name of the link provider. | string | 
| linkSpeedInMbps | Link speed. | int | 
VpnSiteLink
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the VPN site link. | VpnSiteLinkProperties | 
VpnSiteLinkProperties
| Name | Description | Value | 
| bgpProperties | The set of bgp properties. | VpnLinkBgpSettings | 
| fqdn | FQDN of vpn-site-link. | string | 
| ipAddress | The ip-address for the vpn-site-link. | string | 
| linkProperties | The link provider properties. | VpnLinkProviderProperties | 
VpnSiteProperties
| Name | Description | Value | 
| addressSpace | The AddressSpace that contains an array of IP address ranges. | AddressSpace | 
| bgpProperties | The set of bgp properties. | BgpSettings | 
| deviceProperties | The device properties. | DeviceProperties | 
| ipAddress | The ip-address for the vpn-site. | string | 
| isSecuritySite | IsSecuritySite flag. | bool | 
| o365Policy | Office365 Policy. | O365PolicyProperties | 
| siteKey | The key for vpn-site that can be used for connections. | string | 
| virtualWan | The VirtualWAN to which the vpnSite belongs. | SubResource | 
| vpnSiteLinks | List of all vpn site links. | VpnSiteLink[] | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
| Creates Virtual WAN resources 
 
  | This template allows you to create virtual WAN resources including Virtual WAN, Virtual Hub, VPN Gateway, VPN Site and a VPN Connecton. | 
 
 
The vpnSites resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/vpnSites resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/vpnSites@2023-05-01"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "string"
        ]
      }
      bgpProperties = {
        asn = int
        bgpPeeringAddress = "string"
        bgpPeeringAddresses = [
          {
            customBgpIpAddresses = [
              "string"
            ]
            ipconfigurationId = "string"
          }
        ]
        peerWeight = int
      }
      deviceProperties = {
        deviceModel = "string"
        deviceVendor = "string"
        linkSpeedInMbps = int
      }
      ipAddress = "string"
      isSecuritySite = bool
      o365Policy = {
        breakOutCategories = {
          allow = bool
          default = bool
          optimize = bool
        }
      }
      siteKey = "string"
      virtualWan = {
        id = "string"
      }
      vpnSiteLinks = [
        {
          id = "string"
          name = "string"
          properties = {
            bgpProperties = {
              asn = int
              bgpPeeringAddress = "string"
            }
            fqdn = "string"
            ipAddress = "string"
            linkProperties = {
              linkProviderName = "string"
              linkSpeedInMbps = int
            }
          }
        }
      ]
    }
  }
}
Property Values
Microsoft.Network/vpnSites
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| properties | Properties of the VPN site. | VpnSiteProperties | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Network/vpnSites@2023-05-01" | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
BgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int 
 Constraints:
 Min value = 0
 Max value = 4294967295
 | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
| bgpPeeringAddresses | BGP peering address with IP configuration ID for virtual network gateway. | IPConfigurationBgpPeeringAddress[] | 
| peerWeight | The weight added to routes learned from this BGP speaker. | int | 
DeviceProperties
| Name | Description | Value | 
| deviceModel | Model of the device. | string | 
| deviceVendor | Name of the device Vendor. | string | 
| linkSpeedInMbps | Link speed. | int | 
IPConfigurationBgpPeeringAddress
| Name | Description | Value | 
| customBgpIpAddresses | The list of custom BGP peering addresses which belong to IP configuration. | string[] | 
| ipconfigurationId | The ID of IP configuration which belongs to gateway. | string | 
O365BreakOutCategoryPolicies
| Name | Description | Value | 
| allow | Flag to control allow category. | bool | 
| default | Flag to control default category. | bool | 
| optimize | Flag to control optimize category. | bool | 
O365PolicyProperties
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VpnLinkBgpSettings
| Name | Description | Value | 
| asn | The BGP speaker's ASN. | int | 
| bgpPeeringAddress | The BGP peering address and BGP identifier of this BGP speaker. | string | 
VpnLinkProviderProperties
| Name | Description | Value | 
| linkProviderName | Name of the link provider. | string | 
| linkSpeedInMbps | Link speed. | int | 
VpnSiteLink
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the VPN site link. | VpnSiteLinkProperties | 
VpnSiteLinkProperties
| Name | Description | Value | 
| bgpProperties | The set of bgp properties. | VpnLinkBgpSettings | 
| fqdn | FQDN of vpn-site-link. | string | 
| ipAddress | The ip-address for the vpn-site-link. | string | 
| linkProperties | The link provider properties. | VpnLinkProviderProperties | 
VpnSiteProperties
| Name | Description | Value | 
| addressSpace | The AddressSpace that contains an array of IP address ranges. | AddressSpace | 
| bgpProperties | The set of bgp properties. | BgpSettings | 
| deviceProperties | The device properties. | DeviceProperties | 
| ipAddress | The ip-address for the vpn-site. | string | 
| isSecuritySite | IsSecuritySite flag. | bool | 
| o365Policy | Office365 Policy. | O365PolicyProperties | 
| siteKey | The key for vpn-site that can be used for connections. | string | 
| virtualWan | The VirtualWAN to which the vpnSite belongs. | SubResource | 
| vpnSiteLinks | List of all vpn site links. | VpnSiteLink[] | 
Usage Examples
A basic example of deploying VPN Site.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "___location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}
resource "azapi_resource" "virtualWan" {
  type      = "Microsoft.Network/virtualWans@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      allowBranchToBranchTraffic     = true
      disableVpnEncryption           = false
      office365LocalBreakoutCategory = "None"
      type                           = "Standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "vpnSite" {
  type      = "Microsoft.Network/vpnSites@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = [
          "10.0.1.0/24",
        ]
      }
      virtualWan = {
        id = azapi_resource.virtualWan.id
      }
      vpnSiteLinks = [
        {
          name = "link1"
          properties = {
            fqdn      = ""
            ipAddress = "10.0.1.1"
            linkProperties = {
              linkProviderName = ""
              linkSpeedInMbps  = 0
            }
          }
        },
        {
          name = "link2"
          properties = {
            fqdn      = ""
            ipAddress = "10.0.1.2"
            linkProperties = {
              linkProviderName = ""
              linkSpeedInMbps  = 0
            }
          }
        },
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}