Bicep resource definition
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/p2svpnGateways@2024-03-01' = {
  scope: resourceSymbolicName or scope
  ___location: 'string'
  name: 'string'
  properties: {
    customDnsServers: [
      'string'
    ]
    isRoutingPreferenceInternet: bool
    p2SConnectionConfigurations: [
      {
        id: 'string'
        name: 'string'
        properties: {
          enableInternetSecurity: bool
          routingConfiguration: {
            associatedRouteTable: {
              id: 'string'
            }
            inboundRouteMap: {
              id: 'string'
            }
            outboundRouteMap: {
              id: 'string'
            }
            propagatedRouteTables: {
              ids: [
                {
                  id: 'string'
                }
              ]
              labels: [
                'string'
              ]
            }
            vnetRoutes: {
              staticRoutes: [
                {
                  addressPrefixes: [
                    'string'
                  ]
                  name: 'string'
                  nextHopIpAddress: 'string'
                }
              ]
              staticRoutesConfig: {
                vnetLocalRouteOverrideCriteria: 'string'
              }
            }
          }
          vpnClientAddressPool: {
            addressPrefixes: [
              'string'
            ]
          }
        }
      }
    ]
    virtualHub: {
      id: 'string'
    }
    vpnGatewayScaleUnit: int
    vpnServerConfiguration: {
      id: 'string'
    }
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Network/p2svpnGateways
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | Properties of the P2SVpnGateway. | P2SVpnGatewayProperties | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
P2SConnectionConfiguration
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the P2S connection configuration. | P2SConnectionConfigurationProperties | 
P2SConnectionConfigurationProperties
| Name | Description | Value | 
| enableInternetSecurity | Flag indicating whether the enable internet security flag is turned on for the P2S Connections or not. | bool | 
| routingConfiguration | The Routing Configuration indicating the associated and propagated route tables on this connection. | RoutingConfiguration | 
| vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
P2SVpnGatewayProperties
| Name | Description | Value | 
| customDnsServers | List of all customer specified DNS servers IP addresses. | string[] | 
| isRoutingPreferenceInternet | Enable Routing Preference property for the Public IP Interface of the P2SVpnGateway. | bool | 
| p2SConnectionConfigurations | List of all p2s connection configurations of the gateway. | P2SConnectionConfiguration[] | 
| virtualHub | The VirtualHub to which the gateway belongs. | SubResource | 
| vpnGatewayScaleUnit | The scale unit for this p2s vpn gateway. | int | 
| vpnServerConfiguration | The VpnServerConfiguration to which the p2sVpnGateway is attached to. | SubResource | 
PropagatedRouteTable
| Name | Description | Value | 
| ids | The list of resource ids of all the RouteTables. | SubResource[] | 
| labels | The list of labels. | string[] | 
RoutingConfiguration
| Name | Description | Value | 
| associatedRouteTable | The resource id RouteTable associated with this RoutingConfiguration. | SubResource | 
| inboundRouteMap | The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. | SubResource | 
| outboundRouteMap | The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. | SubResource | 
| propagatedRouteTables | The list of RouteTables to advertise the routes to. | PropagatedRouteTable | 
| vnetRoutes | List of routes that control routing from VirtualHub into a virtual network connection. | VnetRoute | 
StaticRoute
| Name | Description | Value | 
| addressPrefixes | List of all address prefixes. | string[] | 
| name | The name of the StaticRoute that is unique within a VnetRoute. | string | 
| nextHopIpAddress | The ip address of the next hop. | string | 
StaticRoutesConfig
| Name | Description | Value | 
| vnetLocalRouteOverrideCriteria | Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. | 'Contains' 'Equal'
 | 
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VnetRoute
| Name | Description | Value | 
| staticRoutes | List of all Static Routes. | StaticRoute[] | 
| staticRoutesConfig | Configuration for static routes on this HubVnetConnection. | StaticRoutesConfig | 
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
 
ARM template resource definition
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/p2svpnGateways",
  "apiVersion": "2024-03-01",
  "name": "string",
  "___location": "string",
  "properties": {
    "customDnsServers": [ "string" ],
    "isRoutingPreferenceInternet": "bool",
    "p2SConnectionConfigurations": [
      {
        "id": "string",
        "name": "string",
        "properties": {
          "enableInternetSecurity": "bool",
          "routingConfiguration": {
            "associatedRouteTable": {
              "id": "string"
            },
            "inboundRouteMap": {
              "id": "string"
            },
            "outboundRouteMap": {
              "id": "string"
            },
            "propagatedRouteTables": {
              "ids": [
                {
                  "id": "string"
                }
              ],
              "labels": [ "string" ]
            },
            "vnetRoutes": {
              "staticRoutes": [
                {
                  "addressPrefixes": [ "string" ],
                  "name": "string",
                  "nextHopIpAddress": "string"
                }
              ],
              "staticRoutesConfig": {
                "vnetLocalRouteOverrideCriteria": "string"
              }
            }
          },
          "vpnClientAddressPool": {
            "addressPrefixes": [ "string" ]
          }
        }
      }
    ],
    "virtualHub": {
      "id": "string"
    },
    "vpnGatewayScaleUnit": "int",
    "vpnServerConfiguration": {
      "id": "string"
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Network/p2svpnGateways
| Name | Description | Value | 
| apiVersion | The api version | '2024-03-01' | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| properties | Properties of the P2SVpnGateway. | P2SVpnGatewayProperties | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Network/p2svpnGateways' | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
P2SConnectionConfiguration
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the P2S connection configuration. | P2SConnectionConfigurationProperties | 
P2SConnectionConfigurationProperties
| Name | Description | Value | 
| enableInternetSecurity | Flag indicating whether the enable internet security flag is turned on for the P2S Connections or not. | bool | 
| routingConfiguration | The Routing Configuration indicating the associated and propagated route tables on this connection. | RoutingConfiguration | 
| vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
P2SVpnGatewayProperties
| Name | Description | Value | 
| customDnsServers | List of all customer specified DNS servers IP addresses. | string[] | 
| isRoutingPreferenceInternet | Enable Routing Preference property for the Public IP Interface of the P2SVpnGateway. | bool | 
| p2SConnectionConfigurations | List of all p2s connection configurations of the gateway. | P2SConnectionConfiguration[] | 
| virtualHub | The VirtualHub to which the gateway belongs. | SubResource | 
| vpnGatewayScaleUnit | The scale unit for this p2s vpn gateway. | int | 
| vpnServerConfiguration | The VpnServerConfiguration to which the p2sVpnGateway is attached to. | SubResource | 
PropagatedRouteTable
| Name | Description | Value | 
| ids | The list of resource ids of all the RouteTables. | SubResource[] | 
| labels | The list of labels. | string[] | 
RoutingConfiguration
| Name | Description | Value | 
| associatedRouteTable | The resource id RouteTable associated with this RoutingConfiguration. | SubResource | 
| inboundRouteMap | The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. | SubResource | 
| outboundRouteMap | The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. | SubResource | 
| propagatedRouteTables | The list of RouteTables to advertise the routes to. | PropagatedRouteTable | 
| vnetRoutes | List of routes that control routing from VirtualHub into a virtual network connection. | VnetRoute | 
StaticRoute
| Name | Description | Value | 
| addressPrefixes | List of all address prefixes. | string[] | 
| name | The name of the StaticRoute that is unique within a VnetRoute. | string | 
| nextHopIpAddress | The ip address of the next hop. | string | 
StaticRoutesConfig
| Name | Description | Value | 
| vnetLocalRouteOverrideCriteria | Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. | 'Contains' 'Equal'
 | 
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VnetRoute
| Name | Description | Value | 
| staticRoutes | List of all Static Routes. | StaticRoute[] | 
| staticRoutesConfig | Configuration for static routes on this HubVnetConnection. | StaticRoutesConfig | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
 
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/p2svpnGateways@2024-03-01"
  name = "string"
  parent_id = "string"
  ___location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      customDnsServers = [
        "string"
      ]
      isRoutingPreferenceInternet = bool
      p2SConnectionConfigurations = [
        {
          id = "string"
          name = "string"
          properties = {
            enableInternetSecurity = bool
            routingConfiguration = {
              associatedRouteTable = {
                id = "string"
              }
              inboundRouteMap = {
                id = "string"
              }
              outboundRouteMap = {
                id = "string"
              }
              propagatedRouteTables = {
                ids = [
                  {
                    id = "string"
                  }
                ]
                labels = [
                  "string"
                ]
              }
              vnetRoutes = {
                staticRoutes = [
                  {
                    addressPrefixes = [
                      "string"
                    ]
                    name = "string"
                    nextHopIpAddress = "string"
                  }
                ]
                staticRoutesConfig = {
                  vnetLocalRouteOverrideCriteria = "string"
                }
              }
            }
            vpnClientAddressPool = {
              addressPrefixes = [
                "string"
              ]
            }
          }
        }
      ]
      virtualHub = {
        id = "string"
      }
      vpnGatewayScaleUnit = int
      vpnServerConfiguration = {
        id = "string"
      }
    }
  }
}
Property Values
Microsoft.Network/p2svpnGateways
| Name | Description | Value | 
| ___location | Resource ___location. | string | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| properties | Properties of the P2SVpnGateway. | P2SVpnGatewayProperties | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Network/p2svpnGateways@2024-03-01" | 
AddressSpace
| Name | Description | Value | 
| addressPrefixes | A list of address blocks reserved for this virtual network in CIDR notation. | string[] | 
P2SConnectionConfiguration
| Name | Description | Value | 
| id | Resource ID. | string | 
| name | The name of the resource that is unique within a resource group. This name can be used to access the resource. | string | 
| properties | Properties of the P2S connection configuration. | P2SConnectionConfigurationProperties | 
P2SConnectionConfigurationProperties
| Name | Description | Value | 
| enableInternetSecurity | Flag indicating whether the enable internet security flag is turned on for the P2S Connections or not. | bool | 
| routingConfiguration | The Routing Configuration indicating the associated and propagated route tables on this connection. | RoutingConfiguration | 
| vpnClientAddressPool | The reference to the address space resource which represents Address space for P2S VpnClient. | AddressSpace | 
P2SVpnGatewayProperties
| Name | Description | Value | 
| customDnsServers | List of all customer specified DNS servers IP addresses. | string[] | 
| isRoutingPreferenceInternet | Enable Routing Preference property for the Public IP Interface of the P2SVpnGateway. | bool | 
| p2SConnectionConfigurations | List of all p2s connection configurations of the gateway. | P2SConnectionConfiguration[] | 
| virtualHub | The VirtualHub to which the gateway belongs. | SubResource | 
| vpnGatewayScaleUnit | The scale unit for this p2s vpn gateway. | int | 
| vpnServerConfiguration | The VpnServerConfiguration to which the p2sVpnGateway is attached to. | SubResource | 
PropagatedRouteTable
| Name | Description | Value | 
| ids | The list of resource ids of all the RouteTables. | SubResource[] | 
| labels | The list of labels. | string[] | 
RoutingConfiguration
| Name | Description | Value | 
| associatedRouteTable | The resource id RouteTable associated with this RoutingConfiguration. | SubResource | 
| inboundRouteMap | The resource id of the RouteMap associated with this RoutingConfiguration for inbound learned routes. | SubResource | 
| outboundRouteMap | The resource id of theRouteMap associated with this RoutingConfiguration for outbound advertised routes. | SubResource | 
| propagatedRouteTables | The list of RouteTables to advertise the routes to. | PropagatedRouteTable | 
| vnetRoutes | List of routes that control routing from VirtualHub into a virtual network connection. | VnetRoute | 
StaticRoute
| Name | Description | Value | 
| addressPrefixes | List of all address prefixes. | string[] | 
| name | The name of the StaticRoute that is unique within a VnetRoute. | string | 
| nextHopIpAddress | The ip address of the next hop. | string | 
StaticRoutesConfig
| Name | Description | Value | 
| vnetLocalRouteOverrideCriteria | Parameter determining whether NVA in spoke vnet is bypassed for traffic with destination in spoke. | 'Contains' 'Equal'
 | 
SubResource
| Name | Description | Value | 
| id | Resource ID. | string | 
VnetRoute
| Name | Description | Value | 
| staticRoutes | List of all Static Routes. | StaticRoute[] | 
| staticRoutesConfig | Configuration for static routes on this HubVnetConnection. | StaticRoutesConfig | 
Usage Examples
A basic example of deploying Point-to-Site VPN Gateway.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "___location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}
resource "azapi_resource" "vpnServerConfiguration" {
  type      = "Microsoft.Network/vpnServerConfigurations@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      vpnAuthenticationTypes = [
        "Certificate",
      ]
      vpnClientIpsecPolicies = [
      ]
      vpnClientRevokedCertificates = [
      ]
      vpnClientRootCertificates = [
        {
          name           = "DigiCert-Federated-ID-Root-CA"
          publicCertData = "MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"
        },
      ]
      vpnProtocols = [
        "OpenVPN",
        "IkeV2",
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "virtualWan" {
  type      = "Microsoft.Network/virtualWans@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      allowBranchToBranchTraffic     = true
      disableVpnEncryption           = false
      office365LocalBreakoutCategory = "None"
      type                           = "Standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "virtualHub" {
  type      = "Microsoft.Network/virtualHubs@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      addressPrefix        = "10.0.1.0/24"
      hubRoutingPreference = "ExpressRoute"
      virtualRouterAutoScaleConfiguration = {
        minCapacity = 2
      }
      virtualWan = {
        id = azapi_resource.virtualWan.id
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
resource "azapi_resource" "p2svpnGateway" {
  type      = "Microsoft.Network/p2svpnGateways@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  ___location  = var.___location
  body = {
    properties = {
      isRoutingPreferenceInternet = false
      p2SConnectionConfigurations = [
        {
          name = "first"
          properties = {
            enableInternetSecurity = false
            vpnClientAddressPool = {
              addressPrefixes = [
                "172.100.0.0/14",
              ]
            }
          }
        },
      ]
      virtualHub = {
        id = azapi_resource.virtualHub.id
      }
      vpnGatewayScaleUnit = 1
      vpnServerConfiguration = {
        id = azapi_resource.vpnServerConfiguration.id
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  timeouts {
    create = "180m"
    update = "180m"
    delete = "180m"
  }
}