az network vpn-gateway
Note
This reference is part of the virtual-wan extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az network vpn-gateway command. Learn more about extensions.
Manage site-to-site VPN gateways.
Commands
| Name | Description | Type | Status | 
|---|---|---|---|
| az network vpn-gateway connection | Manage site-to-site VPN gateway connections. | Extension | GA | 
| az network vpn-gateway connection create | Create a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection delete | Delete a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection ipsec-policy | Manage site-to-site VPN gateway connection IPSec policies. | Extension | GA | 
| az network vpn-gateway connection ipsec-policy add | Add an IPSec policy to a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection ipsec-policy list | List site-to-site VPN gateway connection IPSec policies. | Extension | GA | 
| az network vpn-gateway connection ipsec-policy remove | Remove an IPSec policy from a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection list | List site-to-site VPN gateway connections. | Extension | GA | 
| az network vpn-gateway connection packet-capture | Manage site-to-site VPN gateway connections packet capture. | Extension | GA | 
| az network vpn-gateway connection packet-capture start | Starts packet capture on Vpn connection in the specified resource group. | Extension | GA | 
| az network vpn-gateway connection show | Get the details of a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection update | Update settings of VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn | Manage site-to-site VPN gateway connection VPN site link connection. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn add | Add a VPN site link connection to a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy | Manage site-to-site VPN gateway connection VPN site link IPSec policies. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy add | Add an IPSec policy to a site-to-site VPN gateway connection VPN site link. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy list | List site-to-site VPN gateway connection VPN site link IPSec policies. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn ipsec-policy remove | Remove an IPSec policy from a site-to-site VPN gateway connection VPN site link. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn list | List site-to-site VPN gateway connection VPN site link connection. | Extension | GA | 
| az network vpn-gateway connection vpn-site-link-conn remove | Remove a VPN site link connection from a site-to-site VPN gateway connection. | Extension | GA | 
| az network vpn-gateway connection wait | Place the CLI in a waiting state until a condition of the site-to-site VPN gateway connection is met. | Extension | GA | 
| az network vpn-gateway create | Create a site-to-site VPN gateway. | Extension | GA | 
| az network vpn-gateway delete | Delete a site-to-site VPN gateway. | Extension | GA | 
| az network vpn-gateway list | List site-to-site VPN gateways. | Extension | GA | 
| az network vpn-gateway nat-rule | Manage site-to-site VPN gateway nat rule. | Extension | GA | 
| az network vpn-gateway nat-rule create | Create a nat rule to a scalable vpn gateway if it doesn't exist else updates the existing nat rules. | Extension | GA | 
| az network vpn-gateway nat-rule delete | Delete a nat rule. | Extension | GA | 
| az network vpn-gateway nat-rule list | List all nat rules for a particular virtual wan vpn gateway. | Extension | GA | 
| az network vpn-gateway nat-rule show | Get the details of a nat ruleGet. | Extension | GA | 
| az network vpn-gateway nat-rule update | Update a nat rule to a scalable vpn gateway if it doesn't exist else updates the existing nat rules. | Extension | GA | 
| az network vpn-gateway nat-rule wait | Place the CLI in a waiting state until a condition is met. | Extension | GA | 
| az network vpn-gateway show | Get the details of a site-to-site VPN gateway. | Extension | GA | 
| az network vpn-gateway update | Update settings of a site-to-site VPN gateway. | Extension | GA | 
| az network vpn-gateway wait | Place the CLI in a waiting state until a condition is met. | Extension | GA | 
az network vpn-gateway create
Create a site-to-site VPN gateway.
az network vpn-gateway create --name
                              --resource-group
                              [--asn]
                              [--bgp-peering-address]
                              [--location]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--peer-weight]
                              [--scale-unit]
                              [--tags]
                              [--vhub]Examples
Create a site-to-site VPN gateway.
az network vpn-gateway create -n MyVPNGateway -g MyRG --vhub MyVHub -l westusRequired Parameters
Name of the VPN gateway.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
BGP speaker's ASN.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
Peering address and BGP identifier of this BGP speaker.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.  When not specified, the location of the resource group will be used.
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Weight added to routes learned from this BGP speaker.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
The scale unit for this VPN gateway.
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name or ID of a virtual hub.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network vpn-gateway delete
Delete a site-to-site VPN gateway.
az network vpn-gateway delete [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--resource-group]
                              [--subscription]Examples
Delete a site-to-site VPN gateway.
az network vpn-gateway delete -n MyVPNGateway -g MyRGOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of the VPN gateway.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network vpn-gateway list
List site-to-site VPN gateways.
az network vpn-gateway list [--resource-group]Examples
List site-to-site VPN gateways.
az network vpn-gateway list -g MyRGOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network vpn-gateway show
Get the details of a site-to-site VPN gateway.
az network vpn-gateway show [--ids]
                            [--name]
                            [--resource-group]
                            [--subscription]Examples
Get the details of a site-to-site VPN gateway.
az network vpn-gateway show -n MyVPNGateway -g MyRGOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of the VPN gateway.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network vpn-gateway update
Update settings of a site-to-site VPN gateway.
az network vpn-gateway update [--add]
                              [--asn]
                              [--bgp-peering-address]
                              [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ids]
                              [--name]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--peer-weight]
                              [--remove]
                              [--resource-group]
                              [--scale-unit]
                              [--set]
                              [--subscription]
                              [--tags]
                              [--vhub]Examples
Update settings of a site-to-site VPN gateway.
az network vpn-gateway create -g MyRG --vhub MyVHub --name MyVPNGateway --tags foo=barOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs.  Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
BGP speaker's ASN.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
Peering address and BGP identifier of this BGP speaker.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of the VPN gateway.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Do not wait for the long-running operation to finish.
| Property | Value | 
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes | 
Weight added to routes learned from this BGP speaker.
| Property | Value | 
|---|---|
| Parameter group: | BGP Peering Arguments | 
Remove a property or an element from a list.  Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
The scale unit for this VPN gateway.
Update an object by specifying a property path and value to set.  Example: --set property1.property2=<value>.
| Property | Value | 
|---|---|
| Parameter group: | Generic Update Arguments | 
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Space-separated tags: key[=value] [key[=value] ...]. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name or ID of a virtual hub.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az network vpn-gateway wait
Place the CLI in a waiting state until a condition is met.
az network vpn-gateway wait [--created]
                            [--custom]
                            [--deleted]
                            [--exists]
                            [--ids]
                            [--interval]
                            [--name]
                            [--resource-group]
                            [--subscription]
                            [--timeout]
                            [--updated]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
Wait until deleted.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Wait until the resource exists.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Polling interval in seconds.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | 30 | 
Name of the VPN gateway.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value | 
|---|---|
| Parameter group: | Resource Id Arguments | 
Maximum wait in seconds.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | 3600 | 
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value | 
|---|---|
| Parameter group: | Wait Condition Arguments | 
| Default value: | False | 
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False |