Bicep resource definition
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/p2svpnGateways@2020-04-01' = {
location: 'string'
name: 'string'
properties: {
p2SConnectionConfigurations: [
{
id: 'string'
name: 'string'
properties: {
routingConfiguration: {
associatedRouteTable: {
id: 'string'
}
propagatedRouteTables: {
ids: [
{
id: 'string'
}
]
labels: [
'string'
]
}
vnetRoutes: {
staticRoutes: [
{
addressPrefixes: [
'string'
]
name: 'string'
nextHopIpAddress: 'string'
}
]
}
}
vpnClientAddressPool: {
addressPrefixes: [
'string'
]
}
}
}
]
virtualHub: {
id: 'string'
}
vpnGatewayScaleUnit: int
vpnServerConfiguration: {
id: 'string'
}
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Network/p2svpnGateways
| Name |
Description |
Value |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Properties of the P2SVpnGateway. |
P2SVpnGatewayProperties |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
AddressSpace
| Name |
Description |
Value |
| addressPrefixes |
A list of address blocks reserved for this virtual network in CIDR notation. |
string[] |
P2SConnectionConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Properties of the P2S connection configuration. |
P2SConnectionConfigurationProperties |
P2SConnectionConfigurationProperties
| Name |
Description |
Value |
| routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
| vpnClientAddressPool |
The reference to the address space resource which represents Address space for P2S VpnClient. |
AddressSpace |
P2SVpnGatewayProperties
| Name |
Description |
Value |
| p2SConnectionConfigurations |
List of all p2s connection configurations of the gateway. |
P2SConnectionConfiguration[] |
| virtualHub |
The VirtualHub to which the gateway belongs. |
SubResource |
| vpnGatewayScaleUnit |
The scale unit for this p2s vpn gateway. |
int |
| vpnServerConfiguration |
The VpnServerConfiguration to which the p2sVpnGateway is attached to. |
SubResource |
PropagatedRouteTable
| Name |
Description |
Value |
| ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
| labels |
The list of labels. |
string[] |
RoutingConfiguration
| Name |
Description |
Value |
| associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
| propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
| vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
| Name |
Description |
Value |
| addressPrefixes |
List of all address prefixes. |
string[] |
| name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
| nextHopIpAddress |
The ip address of the next hop. |
string |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
VnetRoute
| Name |
Description |
Value |
| staticRoutes |
List of all Static Routes. |
StaticRoute[] |
Usage Examples
Bicep Samples
A basic example of deploying Point-to-Site VPN Gateway.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource p2svpnGateway 'Microsoft.Network/p2svpnGateways@2022-07-01' = {
name: resourceName
location: location
properties: {
isRoutingPreferenceInternet: false
p2SConnectionConfigurations: [
{
name: 'first'
properties: {
enableInternetSecurity: false
vpnClientAddressPool: {
addressPrefixes: [
'172.100.0.0/14'
]
}
}
}
]
virtualHub: {
id: virtualHub.id
}
vpnGatewayScaleUnit: 1
vpnServerConfiguration: {
id: vpnServerConfiguration.id
}
}
}
resource virtualHub 'Microsoft.Network/virtualHubs@2022-07-01' = {
name: resourceName
location: location
properties: {
addressPrefix: '10.0.1.0/24'
hubRoutingPreference: 'ExpressRoute'
virtualRouterAutoScaleConfiguration: {
minCapacity: 2
}
virtualWan: {
id: virtualWan.id
}
}
}
resource virtualWan 'Microsoft.Network/virtualWans@2022-07-01' = {
name: resourceName
location: location
properties: {
allowBranchToBranchTraffic: true
disableVpnEncryption: false
office365LocalBreakoutCategory: 'None'
type: 'Standard'
}
}
resource vpnServerConfiguration 'Microsoft.Network/vpnServerConfigurations@2022-07-01' = {
name: resourceName
location: location
properties: {
vpnAuthenticationTypes: [
'Certificate'
]
vpnClientIpsecPolicies: []
vpnClientRevokedCertificates: []
vpnClientRootCertificates: [
{
name: 'DigiCert-Federated-ID-Root-CA'
publicCertData: '''MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg
Um9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV
BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
Y2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j
QPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8
zAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf
GTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d
GTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8
Dk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2
DwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV
HQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW
jKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP
9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR
QELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL
uGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn
WsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq
M/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=
'''
}
]
vpnProtocols: [
'OpenVPN'
'IkeV2'
]
}
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
ARM template resource definition
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following JSON to your template.
{
"type": "Microsoft.Network/p2svpnGateways",
"apiVersion": "2020-04-01",
"name": "string",
"location": "string",
"properties": {
"p2SConnectionConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"routingConfiguration": {
"associatedRouteTable": {
"id": "string"
},
"propagatedRouteTables": {
"ids": [
{
"id": "string"
}
],
"labels": [ "string" ]
},
"vnetRoutes": {
"staticRoutes": [
{
"addressPrefixes": [ "string" ],
"name": "string",
"nextHopIpAddress": "string"
}
]
}
},
"vpnClientAddressPool": {
"addressPrefixes": [ "string" ]
}
}
}
],
"virtualHub": {
"id": "string"
},
"vpnGatewayScaleUnit": "int",
"vpnServerConfiguration": {
"id": "string"
}
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Network/p2svpnGateways
| Name |
Description |
Value |
| apiVersion |
The api version |
'2020-04-01' |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Properties of the P2SVpnGateway. |
P2SVpnGatewayProperties |
| tags |
Resource tags |
Dictionary of tag names and values. See Tags in templates |
| type |
The resource type |
'Microsoft.Network/p2svpnGateways' |
AddressSpace
| Name |
Description |
Value |
| addressPrefixes |
A list of address blocks reserved for this virtual network in CIDR notation. |
string[] |
P2SConnectionConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Properties of the P2S connection configuration. |
P2SConnectionConfigurationProperties |
P2SConnectionConfigurationProperties
| Name |
Description |
Value |
| routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
| vpnClientAddressPool |
The reference to the address space resource which represents Address space for P2S VpnClient. |
AddressSpace |
P2SVpnGatewayProperties
| Name |
Description |
Value |
| p2SConnectionConfigurations |
List of all p2s connection configurations of the gateway. |
P2SConnectionConfiguration[] |
| virtualHub |
The VirtualHub to which the gateway belongs. |
SubResource |
| vpnGatewayScaleUnit |
The scale unit for this p2s vpn gateway. |
int |
| vpnServerConfiguration |
The VpnServerConfiguration to which the p2sVpnGateway is attached to. |
SubResource |
PropagatedRouteTable
| Name |
Description |
Value |
| ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
| labels |
The list of labels. |
string[] |
RoutingConfiguration
| Name |
Description |
Value |
| associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
| propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
| vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
| Name |
Description |
Value |
| addressPrefixes |
List of all address prefixes. |
string[] |
| name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
| nextHopIpAddress |
The ip address of the next hop. |
string |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
VnetRoute
| Name |
Description |
Value |
| staticRoutes |
List of all Static Routes. |
StaticRoute[] |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
The p2svpnGateways resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/p2svpnGateways resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/p2svpnGateways@2020-04-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
p2SConnectionConfigurations = [
{
id = "string"
name = "string"
properties = {
routingConfiguration = {
associatedRouteTable = {
id = "string"
}
propagatedRouteTables = {
ids = [
{
id = "string"
}
]
labels = [
"string"
]
}
vnetRoutes = {
staticRoutes = [
{
addressPrefixes = [
"string"
]
name = "string"
nextHopIpAddress = "string"
}
]
}
}
vpnClientAddressPool = {
addressPrefixes = [
"string"
]
}
}
}
]
virtualHub = {
id = "string"
}
vpnGatewayScaleUnit = int
vpnServerConfiguration = {
id = "string"
}
}
}
}
Property Values
Microsoft.Network/p2svpnGateways
| Name |
Description |
Value |
| location |
Resource location. |
string |
| name |
The resource name |
string (required) |
| properties |
Properties of the P2SVpnGateway. |
P2SVpnGatewayProperties |
| tags |
Resource tags |
Dictionary of tag names and values. |
| type |
The resource type |
"Microsoft.Network/p2svpnGateways@2020-04-01" |
AddressSpace
| Name |
Description |
Value |
| addressPrefixes |
A list of address blocks reserved for this virtual network in CIDR notation. |
string[] |
P2SConnectionConfiguration
| Name |
Description |
Value |
| id |
Resource ID. |
string |
| name |
The name of the resource that is unique within a resource group. This name can be used to access the resource. |
string |
| properties |
Properties of the P2S connection configuration. |
P2SConnectionConfigurationProperties |
P2SConnectionConfigurationProperties
| Name |
Description |
Value |
| routingConfiguration |
The Routing Configuration indicating the associated and propagated route tables on this connection. |
RoutingConfiguration |
| vpnClientAddressPool |
The reference to the address space resource which represents Address space for P2S VpnClient. |
AddressSpace |
P2SVpnGatewayProperties
| Name |
Description |
Value |
| p2SConnectionConfigurations |
List of all p2s connection configurations of the gateway. |
P2SConnectionConfiguration[] |
| virtualHub |
The VirtualHub to which the gateway belongs. |
SubResource |
| vpnGatewayScaleUnit |
The scale unit for this p2s vpn gateway. |
int |
| vpnServerConfiguration |
The VpnServerConfiguration to which the p2sVpnGateway is attached to. |
SubResource |
PropagatedRouteTable
| Name |
Description |
Value |
| ids |
The list of resource ids of all the RouteTables. |
SubResource[] |
| labels |
The list of labels. |
string[] |
RoutingConfiguration
| Name |
Description |
Value |
| associatedRouteTable |
The resource id RouteTable associated with this RoutingConfiguration. |
SubResource |
| propagatedRouteTables |
The list of RouteTables to advertise the routes to. |
PropagatedRouteTable |
| vnetRoutes |
List of routes that control routing from VirtualHub into a virtual network connection. |
VnetRoute |
StaticRoute
| Name |
Description |
Value |
| addressPrefixes |
List of all address prefixes. |
string[] |
| name |
The name of the StaticRoute that is unique within a VnetRoute. |
string |
| nextHopIpAddress |
The ip address of the next hop. |
string |
SubResource
| Name |
Description |
Value |
| id |
Resource ID. |
string |
VnetRoute
| Name |
Description |
Value |
| staticRoutes |
List of all Static Routes. |
StaticRoute[] |
Usage Examples
A basic example of deploying Point-to-Site VPN Gateway.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "vpnServerConfiguration" {
type = "Microsoft.Network/vpnServerConfigurations@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
vpnAuthenticationTypes = [
"Certificate",
]
vpnClientIpsecPolicies = [
]
vpnClientRevokedCertificates = [
]
vpnClientRootCertificates = [
{
name = "DigiCert-Federated-ID-Root-CA"
publicCertData = "MIIDuzCCAqOgAwIBAgIQCHTZWCM+IlfFIRXIvyKSrjANBgkqhkiG9w0BAQsFADBn\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSYwJAYDVQQDEx1EaWdpQ2VydCBGZWRlcmF0ZWQgSUQg\nUm9vdCBDQTAeFw0xMzAxMTUxMjAwMDBaFw0zMzAxMTUxMjAwMDBaMGcxCzAJBgNV\nBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp\nY2VydC5jb20xJjAkBgNVBAMTHURpZ2lDZXJ0IEZlZGVyYXRlZCBJRCBSb290IENB\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAEB4pcCqnNNOWE6Ur5j\nQPUH+1y1F9KdHTRSza6k5iDlXq1kGS1qAkuKtw9JsiNRrjltmFnzMZRBbX8Tlfl8\nzAhBmb6dDduDGED01kBsTkgywYPxXVTKec0WxYEEF0oMn4wSYNl0lt2eJAKHXjNf\nGTwiibdP8CUR2ghSM2sUTI8Nt1Omfc4SMHhGhYD64uJMbX98THQ/4LMGuYegou+d\nGTiahfHtjn7AboSEknwAMJHCh5RlYZZ6B1O4QbKJ+34Q0eKgnI3X6Vc9u0zf6DH8\nDk+4zQDYRRTqTnVO3VT8jzqDlCRuNtq6YvryOWN74/dq8LQhUnXHvFyrsdMaE1X2\nDwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV\nHQ4EFgQUGRdkFnbGt1EWjKwbUne+5OaZvRYwHwYDVR0jBBgwFoAUGRdkFnbGt1EW\njKwbUne+5OaZvRYwDQYJKoZIhvcNAQELBQADggEBAHcqsHkrjpESqfuVTRiptJfP\n9JbdtWqRTmOf6uJi2c8YVqI6XlKXsD8C1dUUaaHKLUJzvKiazibVuBwMIT84AyqR\nQELn3e0BtgEymEygMU569b01ZPxoFSnNXc7qDZBDef8WfqAV/sxkTi8L9BkmFYfL\nuGLOhRJOFprPdoDIUBB+tmCl3oDcBy3vnUeOEioz8zAkprcb3GHwHAK+vHmmfgcn\nWsfMLH4JCLa/tRYL+Rw/N3ybCkDp00s0WUZ+AoDywSl0Q/ZEnNY0MsFiw6LyIdbq\nM/s/1JRtO3bDSzD9TazRVzn2oBqzSa8VgIo5C1nOnoAKJTlsClJKvIhnRlaLQqk=\n"
},
]
vpnProtocols = [
"OpenVPN",
"IkeV2",
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualWan" {
type = "Microsoft.Network/virtualWans@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
allowBranchToBranchTraffic = true
disableVpnEncryption = false
office365LocalBreakoutCategory = "None"
type = "Standard"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "virtualHub" {
type = "Microsoft.Network/virtualHubs@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
addressPrefix = "10.0.1.0/24"
hubRoutingPreference = "ExpressRoute"
virtualRouterAutoScaleConfiguration = {
minCapacity = 2
}
virtualWan = {
id = azapi_resource.virtualWan.id
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "p2svpnGateway" {
type = "Microsoft.Network/p2svpnGateways@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
isRoutingPreferenceInternet = false
p2SConnectionConfigurations = [
{
name = "first"
properties = {
enableInternetSecurity = false
vpnClientAddressPool = {
addressPrefixes = [
"172.100.0.0/14",
]
}
}
},
]
virtualHub = {
id = azapi_resource.virtualHub.id
}
vpnGatewayScaleUnit = 1
vpnServerConfiguration = {
id = azapi_resource.vpnServerConfiguration.id
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
timeouts {
create = "180m"
update = "180m"
delete = "180m"
}
}
