Microsoft.Network p2svpnGateways 2019-06-01

Bicep resource definition

The p2svpnGateways resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/p2svpnGateways resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/p2svpnGateways@2019-06-01' = {
  location: 'string'
  name: 'string'
  properties: {
    customRoutes: {
      addressPrefixes: [
        'string'
      ]
    }
    p2SVpnServerConfiguration: {
      id: 'string'
    }
    virtualHub: {
      id: 'string'
    }
    vpnClientAddressPool: {
      addressPrefixes: [
        'string'
      ]
    }
    vpnGatewayScaleUnit: int
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.Network/p2svpnGateways

Name	Description	Value
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the P2SVpnGateway.	P2SVpnGatewayProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

P2SVpnGatewayProperties

Name	Description	Value
customRoutes	The reference of the address space resource which represents the custom routes specified by the customer for P2SVpnGateway and P2S VpnClient.	AddressSpace
p2SVpnServerConfiguration	The P2SVpnServerConfiguration to which the p2sVpnGateway is attached to.	SubResource
virtualHub	The VirtualHub to which the gateway belongs.	SubResource
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnGatewayScaleUnit	The scale unit for this p2s vpn gateway.	int

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Usage Examples

Bicep Samples

A basic example of deploying Point-to-Site VPN Gateway.

param resourceName string = 'acctest0001'
param location string = 'westeurope'

resource p2svpnGateway 'Microsoft.Network/p2svpnGateways@2022-07-01' = {
  name: resourceName
  location: location
  properties: {
    isRoutingPreferenceInternet: false
    p2SConnectionConfigurations: [
      {
        name: 'first'
        properties: {
          enableInternetSecurity: false
          vpnClientAddressPool: {
            addressPrefixes: [
              '172.100.0.0/14'
            ]
          }
        }
      }
    ]
    virtualHub: {
      id: virtualHub.id
    }
    vpnGatewayScaleUnit: 1
    vpnServerConfiguration: {
      id: vpnServerConfiguration.id
    }
  }
}

resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
  name: resourceName
  location: location
  properties: {
    addressPrefix: '10.0.1.0/24'
    hubRoutingPreference: 'ExpressRoute'
    virtualRouterAutoScaleConfiguration: {
      minCapacity: 2
    }
    virtualWan: {
      id: virtualWan.id
    }
  }
}

resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
  name: resourceName
  location: location
  properties: {
    allowBranchToBranchTraffic: true
    disableVpnEncryption: false
    office365LocalBreakoutCategory: 'None'
    type: 'Standard'
  }
}

resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2022-07-01' = {
  name: resourceName
  location: location
  properties: {
    vpnAuthenticationTypes: [
      'Certificate'
    ]
    vpnClientIpsecPolicies: []
    vpnClientRevokedCertificates: []
    vpnClientRootCertificates: [
      {
        name: 'DigiCert-Federated-ID-Root-CA'
        publicCertData: '''MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
'''
      }
    ]
    vpnProtocols: [
      'OpenVPN'
      'IkeV2'
    ]
  }
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module	Description
P2S VPN Gateway	AVM Resource Module for P2S VPN Gateway

ARM template resource definition

The p2svpnGateways resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/p2svpnGateways resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/p2svpnGateways",
  "apiVersion": "2019-06-01",
  "name": "string",
  "location": "string",
  "properties": {
    "customRoutes": {
      "addressPrefixes": [ "string" ]
    },
    "p2SVpnServerConfiguration": {
      "id": "string"
    },
    "virtualHub": {
      "id": "string"
    },
    "vpnClientAddressPool": {
      "addressPrefixes": [ "string" ]
    },
    "vpnGatewayScaleUnit": "int"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.Network/p2svpnGateways

Name	Description	Value
apiVersion	The api version	'2019-06-01'
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the P2SVpnGateway.	P2SVpnGatewayProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Network/p2svpnGateways'

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

P2SVpnGatewayProperties

Name	Description	Value
customRoutes	The reference of the address space resource which represents the custom routes specified by the customer for P2SVpnGateway and P2S VpnClient.	AddressSpace
p2SVpnServerConfiguration	The P2SVpnServerConfiguration to which the p2sVpnGateway is attached to.	SubResource
virtualHub	The VirtualHub to which the gateway belongs.	SubResource
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnGatewayScaleUnit	The scale unit for this p2s vpn gateway.	int

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template	Description
Azure Virtual WAN (vWAN) Multi-Hub Deployment	This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment including all gateways and VNET connections.
Azure vWAN Multi-Hub Deployment with Custom Routing Tables	This template allows you to create an Azure Virtual WAN (vWAN) multi-hub deployment, including all gateways and VNET connections, and demonstrate the usage of Route Tables for custom routing.
vWAN P2S deployment with multi address pool and user groups	This template deploys Azure Virtual WAN (vWAN) with a P2S configured with multiple address pool and user groups

Terraform (AzAPI provider) resource definition

The p2svpnGateways resource type can be deployed with operations that target:

Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/p2svpnGateways resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/p2svpnGateways@2019-06-01"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      customRoutes = {
        addressPrefixes = [
          "string"
        ]
      }
      p2SVpnServerConfiguration = {
        id = "string"
      }
      virtualHub = {
        id = "string"
      }
      vpnClientAddressPool = {
        addressPrefixes = [
          "string"
        ]
      }
      vpnGatewayScaleUnit = int
    }
  }
}

Property Values

Microsoft.Network/p2svpnGateways

Name	Description	Value
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the P2SVpnGateway.	P2SVpnGatewayProperties
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Network/p2svpnGateways@2019-06-01"

AddressSpace

Name	Description	Value
addressPrefixes	A list of address blocks reserved for this virtual network in CIDR notation.	string[]

P2SVpnGatewayProperties

Name	Description	Value
customRoutes	The reference of the address space resource which represents the custom routes specified by the customer for P2SVpnGateway and P2S VpnClient.	AddressSpace
p2SVpnServerConfiguration	The P2SVpnServerConfiguration to which the p2sVpnGateway is attached to.	SubResource
virtualHub	The VirtualHub to which the gateway belongs.	SubResource
vpnClientAddressPool	The reference of the address space resource which represents Address space for P2S VpnClient.	AddressSpace
vpnGatewayScaleUnit	The scale unit for this p2s vpn gateway.	int

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Usage Examples

Terraform Samples

A basic example of deploying Point-to-Site VPN Gateway.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "vpnServerConfiguration" {
  type      = "Microsoft.Network/vpnServerConfigurations@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      vpnAuthenticationTypes = [
        "Certificate",
      ]
      vpnClientIpsecPolicies = [
      ]
      vpnClientRevokedCertificates = [
      ]
      vpnClientRootCertificates = [
        {
          name           = "DigiCert-Federated-ID-Root-CA"
          publicCertData = "MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"
        },
      ]
      vpnProtocols = [
        "OpenVPN",
        "IkeV2",
      ]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "virtualWan" {
  type      = "Microsoft.Network/virtualWans@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      allowBranchToBranchTraffic     = true
      disableVpnEncryption           = false
      office365LocalBreakoutCategory = "None"
      type                           = "Standard"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "virtualHub" {
  type      = "Microsoft.Network/virtualHubs@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      addressPrefix        = "10.0.1.0/24"
      hubRoutingPreference = "ExpressRoute"
      virtualRouterAutoScaleConfiguration = {
        minCapacity = 2
      }
      virtualWan = {
        id = azapi_resource.virtualWan.id
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "p2svpnGateway" {
  type      = "Microsoft.Network/p2svpnGateways@2022-07-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      isRoutingPreferenceInternet = false
      p2SConnectionConfigurations = [
        {
          name = "first"
          properties = {
            enableInternetSecurity = false
            vpnClientAddressPool = {
              addressPrefixes = [
                "172.100.0.0/14",
              ]
            }
          }
        },
      ]
      virtualHub = {
        id = azapi_resource.virtualHub.id
      }
      vpnGatewayScaleUnit = 1
      vpnServerConfiguration = {
        id = azapi_resource.vpnServerConfiguration.id
      }
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
  timeouts {
    create = "180m"
    update = "180m"
    delete = "180m"
  }
}

Feedback

Was this page helpful?

Last updated on 2026-01-20

Share via

Microsoft.Network p2svpnGateways 2019-06-01

Bicep resource definition

Resource format

Property Values

Microsoft.Network/p2svpnGateways

AddressSpace

P2SVpnGatewayProperties

ResourceTags

SubResource

Usage Examples

Bicep Samples

Azure Verified Modules

ARM template resource definition

Resource format

Property Values

Microsoft.Network/p2svpnGateways

AddressSpace

P2SVpnGatewayProperties

ResourceTags

SubResource

Usage Examples

Azure Quickstart Templates

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.Network/p2svpnGateways

AddressSpace

P2SVpnGatewayProperties

ResourceTags

SubResource

Usage Examples

Terraform Samples

Feedback

Additional resources