Azure ARM VPN
I created an Azure ARM VPN Site to Site template for one of our customers that needed a quick way to deploy site to site vpn in Azure Resource Manager.
You find the JSON template here
quick-redeploy-site-to-site-vpn
Or just hit this button to deploy the Azure ARM VPN site to site resources
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vpnType": {
"type": "string",
"metadata": {
"description": "Route based or policy based"
},
"defaultValue": "RouteBased",
"allowedValues": [
"RouteBased",
"PolicyBased"
]
},
"localGatewayName": {
"type": "string",
"defaultValue": "onpremVPNGateway01",
"metadata": {
"description": "Aribtary name for gateway resource representing "
}
},
"localGatewayIpAddress": {
"type": "string",
"defaultValue": "X.X.X.X",
"metadata": {
"description": "Public IP of your local GW"
}
},
"localAddressPrefix": {
"type": "string",
"defaultValue": "192.168.0.0/16",
"metadata": {
"description": "CIDR block representing the address space of the OnPremise VPN network's Subnet"
}
},
"virtualNetworkName": {
"type": "string",
"defaultValue": "Vnet01",
"metadata": {
"description": "Arbitrary name for the Azure Virtual Network"
}
},
"azureVNetAddressPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/16",
"metadata": {
"description": "CIDR block representing the address space of the Azure VNet"
}
},
"subnetName": {
"type": "string",
"defaultValue": "Subnet01",
"metadata": {
"description": "Aribtrary name for the Azure Subnet"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.10.2.0/24",
"metadata": {
"description": "CIDR block for VM subnet, subset of azureVNetAddressPrefix address space"
}
},
"gatewaySubnetPrefix": {
"type": "string",
"defaultValue": "10.10.1.0/29",
"metadata": {
"description": "CIDR block for gateway subnet, subset of azureVNetAddressPrefix address space"
}
},
"gatewayPublicIPName": {
"type": "string",
"defaultValue": "VPNGatewayIP",
"metadata": {
"description": "Aribtary name for public IP resource used for the new azure gateway"
}
},
"gatewayName": {
"type": "string",
"defaultValue": "VPNGateway01",
"metadata": {
"description": "Arbitrary name for the new gateway"
}
},
"connectionName": {
"type": "string",
"defaultValue": "Site-To-Site",
"metadata": {
"description": "Arbitrary name for the new connection between Azure VNet and other network"
}
},
"sharedKey": {
"type": "securestring",
"metadata": {
"description": "Shared key (PSK) for IPSec tunnel"
}
}
},
"variables": {
"Location": "[resourceGroup().location]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/','GatewaySubnet')]",
"subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]",
"api-version": "2015-06-15"
},
"resources": [
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/localNetworkGateways",
"name": "[parameters('localGatewayName')]",
"location": "[variables('location')]",
"properties": {
"localNetworkAddressSpace": {
"addressPrefixes": [
"[parameters('localAddressPrefix')]"
]
},
"gatewayIpAddress": "[parameters('localGatewayIpAddress')]"
}
},
{
"apiVersion": "[variables('api-version')]",
"name": "[parameters('connectionName')]",
"type": "Microsoft.Network/connections",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworkGateways/', parameters('gatewayName'))]",
"[concat('Microsoft.Network/localNetworkGateways/', parameters('localGatewayName'))]"
],
"properties": {
"virtualNetworkGateway1": {
"id": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('gatewayName'))]"
},
"localNetworkGateway2": {
"id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localGatewayName'))]"
},
"connectionType": "IPsec",
"routingWeight": 10,
"sharedKey": "[parameters('sharedKey')]"
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('azureVNetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
},
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('gatewayPublicIPName')]",
"location": "[variables('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"name": "[parameters('gatewayName')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', parameters('gatewayPublicIPName'))]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('gatewaySubnetRef')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('gatewayPublicIPName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"gatewayType": "Vpn",
"vpnType": "[parameters('vpnType')]",
"enableBgp": "false"
}
}
]
}