Share via


Microsoft.Network vpnGateways/natRules 2023-09-01

Bicep resource definition

The vpnGateways/natRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnGateways/natRules resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/vpnGateways/natRules@2023-09-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    externalMappings: [
      {
        addressSpace: 'string'
        portRange: 'string'
      }
    ]
    internalMappings: [
      {
        addressSpace: 'string'
        portRange: 'string'
      }
    ]
    ipConfigurationId: 'string'
    mode: 'string'
    type: 'string'
  }
}

Property Values

Microsoft.Network/vpnGateways/natRules

Name Description Value
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: vpnGateways
properties Properties of the VpnGateway NAT rule. VpnGatewayNatRuleProperties

VpnGatewayNatRuleProperties

Name Description Value
externalMappings The private IP address external mapping for NAT. VpnNatRuleMapping[]
internalMappings The private IP address internal mapping for NAT. VpnNatRuleMapping[]
ipConfigurationId The IP Configuration ID this NAT rule applies to. string
mode The Source NAT direction of a VPN NAT. 'EgressSnat'
'IngressSnat'
type The type of NAT rule for VPN NAT. 'Dynamic'
'Static'

VpnNatRuleMapping

Name Description Value
addressSpace Address space for Vpn NatRule mapping. string
portRange Port range for Vpn NatRule mapping. string

ARM template resource definition

The vpnGateways/natRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnGateways/natRules resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/vpnGateways/natRules",
  "apiVersion": "2023-09-01",
  "name": "string",
  "properties": {
    "externalMappings": [
      {
        "addressSpace": "string",
        "portRange": "string"
      }
    ],
    "internalMappings": [
      {
        "addressSpace": "string",
        "portRange": "string"
      }
    ],
    "ipConfigurationId": "string",
    "mode": "string",
    "type": "string"
  }
}

Property Values

Microsoft.Network/vpnGateways/natRules

Name Description Value
apiVersion The api version '2023-09-01'
name The resource name string (required)
properties Properties of the VpnGateway NAT rule. VpnGatewayNatRuleProperties
type The resource type 'Microsoft.Network/vpnGateways/natRules'

VpnGatewayNatRuleProperties

Name Description Value
externalMappings The private IP address external mapping for NAT. VpnNatRuleMapping[]
internalMappings The private IP address internal mapping for NAT. VpnNatRuleMapping[]
ipConfigurationId The IP Configuration ID this NAT rule applies to. string
mode The Source NAT direction of a VPN NAT. 'EgressSnat'
'IngressSnat'
type The type of NAT rule for VPN NAT. 'Dynamic'
'Static'

VpnNatRuleMapping

Name Description Value
addressSpace Address space for Vpn NatRule mapping. string
portRange Port range for Vpn NatRule mapping. string

Usage Examples

Terraform (AzAPI provider) resource definition

The vpnGateways/natRules resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/vpnGateways/natRules resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/vpnGateways/natRules@2023-09-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      externalMappings = [
        {
          addressSpace = "string"
          portRange = "string"
        }
      ]
      internalMappings = [
        {
          addressSpace = "string"
          portRange = "string"
        }
      ]
      ipConfigurationId = "string"
      mode = "string"
      type = "string"
    }
  }
}

Property Values

Microsoft.Network/vpnGateways/natRules

Name Description Value
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: vpnGateways
properties Properties of the VpnGateway NAT rule. VpnGatewayNatRuleProperties
type The resource type "Microsoft.Network/vpnGateways/natRules@2023-09-01"

VpnGatewayNatRuleProperties

Name Description Value
externalMappings The private IP address external mapping for NAT. VpnNatRuleMapping[]
internalMappings The private IP address internal mapping for NAT. VpnNatRuleMapping[]
ipConfigurationId The IP Configuration ID this NAT rule applies to. string
mode The Source NAT direction of a VPN NAT. 'EgressSnat'
'IngressSnat'
type The type of NAT rule for VPN NAT. 'Dynamic'
'Static'

VpnNatRuleMapping

Name Description Value
addressSpace Address space for Vpn NatRule mapping. string
portRange Port range for Vpn NatRule mapping. string

Usage Examples

Terraform Samples

A basic example of deploying VPN Gateway NAT Rule.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "___location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}

resource "azapi_resource" "virtualWan" {
  type      = "Microsoft.Network/virtualWans@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      allowBranchToBranchTraffic     = true
      disableVpnEncryption           = false
      office365LocalBreakoutCategory = "None"
      type                           = "Standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "virtualHub" {
  type      = "Microsoft.Network/virtualHubs@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressPrefix        = "10.0.0.0/24"
      hubRoutingPreference = "ExpressRoute"
      virtualRouterAutoScaleConfiguration = {
        minCapacity = 2
      }
      virtualWan = {
        id = azapi_resource.virtualWan.id
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "vpnGateway" {
  type      = "Microsoft.Network/vpnGateways@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      enableBgpRouteTranslationForNat = false
      isRoutingPreferenceInternet     = false
      virtualHub = {
        id = azapi_resource.virtualHub.id
      }
      vpnGatewayScaleUnit = 1
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  timeouts {
    create = "180m"
    update = "180m"
    delete = "60m"
  }
}

resource "azapi_resource" "natRule" {
  type      = "Microsoft.Network/vpnGateways/natRules@2022-07-01"
  parent_id = azapi_resource.vpnGateway.id
  name      = var.resource_name
  body = {
    properties = {
      externalMappings = [
        {
          addressSpace = "192.168.21.0/26"
        },
      ]
      internalMappings = [
        {
          addressSpace = "10.4.0.0/26"
        },
      ]
      mode = "EgressSnat"
      type = "Static"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}