Category
Tips & Tricks
Published
November 26, 2015
I created an Azure ARM site-to-site VPN template for one of our customers, who needed a quick way to deploy site-to-site VPNs in Azure Resource Manager.
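You'll find the JSON template below. Before deploying, replace the `X.X.X.X` placeholder in `localGatewayIpAddress` with the public IP of your on-premises gateway. The `sharedKey` parameter is declared as `securestring` and has no default, so the pre-shared key is supplied at deployment time rather than stored in the template.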
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"vpnType": {
"type": "string",
"metadata": {
"description": "Route based or policy based"
},
"defaultValue": "RouteBased",
"allowedValues": [
"RouteBased",
"PolicyBased"
]
},
"localGatewayName": {
"type": "string",
"defaultValue": "onpremVPNGateway01",
"metadata": {
"description": "Arbitrary name for the gateway resource representing your on-premises VPN gateway"
}
},
"localGatewayIpAddress": {
"type": "string",
"defaultValue": "X.X.X.X",
"metadata": {
"description": "Public IP of your local GW"
}
},
"localAddressPrefix": {
"type": "string",
"defaultValue": "192.168.0.0/16",
"metadata": {
"description": "CIDR block representing the address space of the OnPremise VPN network's Subnet"
}
},
"virtualNetworkName": {
"type": "string",
"defaultValue": "Vnet01",
"metadata": {
"description": "Arbitrary name for the Azure Virtual Network"
}
},
"azureVNetAddressPrefix": {
"type": "string",
"defaultValue": "10.10.0.0/16",
"metadata": {
"description": "CIDR block representing the address space of the Azure VNet"
}
},
"subnetName": {
"type": "string",
"defaultValue": "Subnet01",
"metadata": {
"description": "Arbitrary name for the Azure Subnet"
}
},
"subnetPrefix": {
"type": "string",
"defaultValue": "10.10.2.0/24",
"metadata": {
"description": "CIDR block for VM subnet, subset of azureVNetAddressPrefix address space"
}
},
"gatewaySubnetPrefix": {
"type": "string",
"defaultValue": "10.10.1.0/29",
"metadata": {
"description": "CIDR block for gateway subnet, subset of azureVNetAddressPrefix address space"
}
},
"gatewayPublicIPName": {
"type": "string",
"defaultValue": "VPNGatewayIP",
"metadata": {
"description": "Arbitrary name for the public IP resource used for the new Azure gateway"
}
},
"gatewayName": {
"type": "string",
"defaultValue": "VPNGateway01",
"metadata": {
"description": "Arbitrary name for the new gateway"
}
},
"connectionName": {
"type": "string",
"defaultValue": "Site-To-Site",
"metadata": {
"description": "Arbitrary name for the new connection between Azure VNet and other network"
}
},
"sharedKey": {
"type": "securestring",
"metadata": {
"description": "Shared key (PSK) for IPSec tunnel"
}
}
},
"variables": {
"Location": "[resourceGroup().location]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]",
"gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/','GatewaySubnet')]",
"subnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('subnetName'))]",
"api-version": "2015-06-15"
},
"resources": [
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/localNetworkGateways",
"name": "[parameters('localGatewayName')]",
"location": "[variables('location')]",
"properties": {
"localNetworkAddressSpace": {
"addressPrefixes": [
"[parameters('localAddressPrefix')]"
]
},
"gatewayIpAddress": "[parameters('localGatewayIpAddress')]"
}
},
{
"apiVersion": "[variables('api-version')]",
"name": "[parameters('connectionName')]",
"type": "Microsoft.Network/connections",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworkGateways/', parameters('gatewayName'))]",
"[concat('Microsoft.Network/localNetworkGateways/', parameters('localGatewayName'))]"
],
"properties": {
"virtualNetworkGateway1": {
"id": "[resourceId('Microsoft.Network/virtualNetworkGateways', parameters('gatewayName'))]"
},
"localNetworkGateway2": {
"id": "[resourceId('Microsoft.Network/localNetworkGateways', parameters('localGatewayName'))]"
},
"connectionType": "IPsec",
"routingWeight": 10,
"sharedKey": "[parameters('sharedKey')]"
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/virtualNetworks",
"name": "[parameters('virtualNetworkName')]",
"location": "[variables('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('azureVNetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix')]"
}
},
{
"name": "GatewaySubnet",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[parameters('gatewayPublicIPName')]",
"location": "[variables('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "[variables('api-version')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"name": "[parameters('gatewayName')]",
"location": "[variables('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', parameters('gatewayPublicIPName'))]",
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('gatewaySubnetRef')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('gatewayPublicIPName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"gatewayType": "Vpn",
"vpnType": "[parameters('vpnType')]",
"enableBgp": "false"
}
}
]
}
Written by
Jonas Erikson