Azure ARM VPN Site to Site template

Azure ARM VPN

I created an Azure ARM VPN Site to Site template for one of our customers that needed a quick way to deploy site to site vpn in Azure Resource Manager.

You find the JSON template here
quick-redeploy-site-to-site-vpn

Azure ARM VPN

Or just hit this button to deploy the Azure ARM VPN site to site resources

 

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "vpnType": {
            "type": "string",
            "metadata": {
                "description": "Route based or policy based"
            },
            "defaultValue": "RouteBased",
            "allowedValues": [
                "RouteBased",
                "PolicyBased"
            ]
        },
        "localGatewayName": {
            "type": "string",
            "defaultValue": "onpremVPNGateway01",
            "metadata": {
                "description": "Aribtary name for gateway resource representing "
            }
        },
        "localGatewayIpAddress": {
            "type": "string",
            "defaultValue": "X.X.X.X",
            "metadata": {
                "description": "Public IP of your local GW"
            }
        },
        "localAddressPrefix": {
            "type": "string",
            "defaultValue": "192.168.0.0/16",
            "metadata": {
                "description": "CIDR block representing the address space of the OnPremise VPN network's Subnet"
            }
        },
        "virtualNetworkName": {
            "type": "string",
            "defaultValue": "Vnet01",
            "metadata": {
                "description": "Arbitrary name for the Azure Virtual Network"
            }
        },
        "azureVNetAddressPrefix": {
            "type": "string",
            "defaultValue": "10.10.0.0/16",
            "metadata": {
                "description": "CIDR block representing the address space of the Azure VNet"
            }
        },
        "subnetName": {
            "type": "string",
            "defaultValue": "Subnet01",
            "metadata": {
                "description": "Aribtrary name for the Azure Subnet"
            }
        },
        "subnetPrefix": {
            "type": "string",
            "defaultValue": "10.10.2.0/24",
            "metadata": {
                "description": "CIDR block for VM subnet, subset of azureVNetAddressPrefix address space"
            }
        },
        "gatewaySubnetPrefix": {
            "type": "string",
            "defaultValue": "10.10.1.0/29",
            "metadata": {
                "description": "CIDR block for gateway subnet, subset of azureVNetAddressPrefix address space"
            }
        },
        "gatewayPublicIPName": {
            "type": "string",
            "defaultValue": "VPNGatewayIP",
            "metadata": {
                "description": "Aribtary name for public IP resource used for the new azure gateway"
            }
        },
        "gatewayName": {
            "type": "string",
            "defaultValue": "VPNGateway01",
            "metadata": {
                "description": "Arbitrary name for the new gateway"
            }
        },
        "connectionName": {
            "type": "string",
            "defaultValue": "Site-To-Site",
            "metadata": {
                "description": "Arbitrary name for the new connection between Azure VNet and other network"
            }
        },
        "sharedKey": {
            "type": "securestring",
            "metadata": {
                "description": "Shared key (PSK) for IPSec tunnel"
            }
        }
    },
    "variables": {
        "Location": "[resourceGroup().location]",
        "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
        "gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/','GatewaySubnet')]",
        "subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]",
        "api-version": "2015-06-15"
    },
    "resources": [
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/localNetworkGateways",
            "name": "[parameters('localGatewayName')]",
            "location": "[variables('location')]",
            "properties": {
                "localNetworkAddressSpace": {
                    "addressPrefixes": [
                        "[parameters('localAddressPrefix')]"
                    ]
                },
                "gatewayIpAddress": "[parameters('localGatewayIpAddress')]"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "name": "[parameters('connectionName')]",
            "type": "Microsoft.Network/connections",
            "location": "[variables('location')]",
            "dependsOn": [
                "[concat('Microsoft.Network/virtualNetworkGateways/', parameters('gatewayName'))]",
                "[concat('Microsoft.Network/localNetworkGateways/', parameters('localGatewayName'))]"
            ],
            "properties": {
                "virtualNetworkGateway1": {
                    "id": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('gatewayName'))]"
                },
                "localNetworkGateway2": {
                    "id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localGatewayName'))]"
                },
                "connectionType": "IPsec",
                "routingWeight": 10,
                "sharedKey": "[parameters('sharedKey')]"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/virtualNetworks",
            "name": "[parameters('virtualNetworkName')]",
            "location": "[variables('location')]",
            "properties": {
                "addressSpace": {
                    "addressPrefixes": [
                        "[parameters('azureVNetAddressPrefix')]"
                    ]
                },
                "subnets": [
                    {
                        "name": "[parameters('subnetName')]",
                        "properties": {
                            "addressPrefix": "[parameters('subnetPrefix')]"
                        }
                    },
                    {
                        "name": "GatewaySubnet",
                        "properties": {
                            "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
                        }
                    }
                ]
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/publicIPAddresses",
            "name": "[parameters('gatewayPublicIPName')]",
            "location": "[variables('location')]",
            "properties": {
                "publicIPAllocationMethod": "Dynamic"
            }
        },
        {
            "apiVersion": "[variables('api-version')]",
            "type": "Microsoft.Network/virtualNetworkGateways",
            "name": "[parameters('gatewayName')]",
            "location": "[variables('location')]",
            "dependsOn": [
                "[concat('Microsoft.Network/publicIPAddresses/', parameters('gatewayPublicIPName'))]",
                "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
            ],
            "properties": {
                "ipConfigurations": [
                    {
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "subnet": {
                                "id": "[variables('gatewaySubnetRef')]"
                            },
                            "publicIPAddress": {
                                "id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('gatewayPublicIPName'))]"
                            }
                        },
                        "name": "vnetGatewayConfig"
                    }
                ],
                "gatewayType": "Vpn",
                "vpnType": "[parameters('vpnType')]",
                "enableBgp": "false"
            }
        }
    ]
}