Create a Site-to-Site VPN Gateway using PowerShell

This article guides you through the process of creating a cross-premises VPN gateway connection using Azure PowerShell.

Prerequisites

  • An Azure subscription.
  • Azure PowerShell module installed and configured.
  • An on-premises network with a VPN device compatible with Azure VPN gateways.

Steps to Create the VPN Gateway

1. Connect to your Azure Subscription


Install-Module -Name Az -AllowClobber -Scope CurrentUser
Connect-AzAccount
Select-AzSubscription -SubscriptionId "your-subscription-id"
                

2. Define Variables

Set up variables for your resource group, location, gateway name, and IP address pool.


$resourceGroupName = "MyResourceGroup"
$location = "East US"
$virtualNetworkName = "MyVNet"
$gatewayName = "MyVpnGateway"
$gatewayIpName = "MyVpnGatewayIp"
$gatewaySku = "VpnGw1" # Or VpnGw2, VpnGw3, etc.
$vnetAddressPrefix = "10.0.0.0/16"
$subnetName = "GatewaySubnet" # The gateway subnet must be named GatewaySubnet
$subnetPrefix = "10.0.255.0/27"
$publicIpName = "myPublicIp"
$publicIpSku = "Standard"
                

3. Create a Resource Group (if it doesn't exist)


New-AzResourceGroup -Name $resourceGroupName -Location $location
                

4. Create a Virtual Network


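# Define the gateway subnet, then create the virtual network that contains it
$gatewaySubnetConfig = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $subnetPrefix
$vnet = New-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $resourceGroupName -Location $location `
    -AddressPrefix $vnetAddressPrefix -Subnet $gatewaySubnetConfig
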
Important: The subnet for the VPN gateway must be named GatewaySubnet.

5. Create a Public IP Address for the Gateway


# Standard SKU public IP addresses require static allocation
$publicIp = New-AzPublicIpAddress -Name $publicIpName -ResourceGroupName $resourceGroupName -Location $location `
    -AllocationMethod Static -Sku $publicIpSku
                

6. Create the VPN Gateway IP Configuration


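# Look up the GatewaySubnet object so its resource ID can be passed to the IP configuration
$gatewaySubnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
$gatewayIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name $gatewayIpName -PublicIpAddressId $publicIp.Id `
    -SubnetId $gatewaySubnet.Id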
                

7. Create the VPN Gateway

This step can take a significant amount of time (30-45 minutes or more).


$vpnGateway = New-AzVirtualNetworkGateway -Name $gatewayName -ResourceGroupName $resourceGroupName -Location $location `
    -IpConfigurations $gatewayIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku $gatewaySku `
    -EnableBgp $false # Set to $true if you plan to use BGP
                
Tip: Monitor the deployment progress in the Azure portal.

8. Verify the Gateway Creation

Once the deployment is complete, you can verify the gateway details.


Get-AzVirtualNetworkGateway -ResourceGroupName $resourceGroupName -Name $gatewayName
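
Because the gateway deployment in step 7 takes so long, it is worth checking the step 2 values offline before running anything. The following is an added example, not part of the original article: the function names Get-CidrRange and Test-GatewayPlan are hypothetical, the sample inputs are constructed, and the /27 minimum is Microsoft's published sizing recommendation rather than something this article states.

```powershell
# Added example (not from the original article): offline checks on the step 2 values.
function Get-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    if ($Cidr -notmatch '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$') { throw "Not an IPv4 CIDR: $Cidr" }
    $address, $length = $Cidr -split '/'
    $length = [int]$length
    if ($length -gt 32) { throw "Prefix length out of range: $Cidr" }
    $b = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    $ip = [long]$b[0] * 16777216 + [long]$b[1] * 65536 + [long]$b[2] * 256 + [long]$b[3]
    $size = [long][math]::Pow(2, 32 - $length)
    $first = $ip - ($ip % $size)          # clear the host bits
    [pscustomobject]@{ Length = $length; First = $first; Last = $first + $size - 1; Aligned = ($ip -eq $first) }
}

function Test-GatewayPlan {
    param(
        [string]$VnetPrefix, [string]$SubnetName, [string]$SubnetPrefix,
        [string]$PublicIpSku, [string]$AllocationMethod
    )
    $findings = @()
    if ($SubnetName -ne 'GatewaySubnet') {
        $findings += "Subnet is named '$SubnetName'; the gateway subnet must be named GatewaySubnet."
    }
    $vnet = Get-CidrRange $VnetPrefix
    $subnet = Get-CidrRange $SubnetPrefix
    if (-not $subnet.Aligned) {
        $findings += "$SubnetPrefix has host bits set; use the network address of the block."
    }
    if ($subnet.First -lt $vnet.First -or $subnet.Last -gt $vnet.Last) {
        $findings += "$SubnetPrefix is not inside the virtual network range $VnetPrefix."
    }
    if ($subnet.Length -gt 27) {   # assumption: Microsoft's /27-or-larger recommendation
        $findings += "$SubnetPrefix is smaller than /27, the size Microsoft recommends as a minimum."
    }
    if ($PublicIpSku -eq 'Standard' -and $AllocationMethod -ne 'Static') {
        $findings += "Standard SKU public IPs require -AllocationMethod Static, not $AllocationMethod."
    }
    return ,$findings
}

# Constructed inputs: the step 2 values, then a deliberately broken plan.
$good = Test-GatewayPlan -VnetPrefix '10.0.0.0/16' -SubnetName 'GatewaySubnet' `
    -SubnetPrefix '10.0.255.0/27' -PublicIpSku 'Standard' -AllocationMethod 'Static'
$bad = Test-GatewayPlan -VnetPrefix '10.0.0.0/16' -SubnetName 'Gateway' `
    -SubnetPrefix '10.1.0.8/29' -PublicIpSku 'Standard' -AllocationMethod 'Dynamic'
"Good plan findings: $($good.Count)"
$bad | ForEach-Object { "FINDING: $_" }
```

The checks cover IPv4 prefixes only and need no Azure session, so they can run in a pipeline before any resource is created.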
                

Next Steps

  • Configure a local network gateway.
  • Create a connection between the VPN gateway and the local network gateway.
  • Configure your on-premises VPN device.