Create a Site-to-Site VPN Gateway (Resource Manager PowerShell)

This article explains how to create a VPN gateway for a Site-to-Site (S2S) VPN connection using Azure Resource Manager PowerShell cmdlets.

Prerequisites

  • An Azure subscription.
  • Azure PowerShell installed and configured.
  • Permissions to create resources in your Azure subscription.

Step 1: Connect to Azure and Select Subscription

Open PowerShell and connect to your Azure account. If prompted, sign in with your Azure account credentials.

Connect-AzAccount
Set-AzContext -SubscriptionId "YOUR_SUBSCRIPTION_ID"

Step 2: Define Resource Group and Location

Specify the name of the resource group and the Azure region where you want to deploy the VPN gateway.

$rgName = "MyVPNResourceGroup"
$location = "East US"

# Create a resource group if it doesn't exist
New-AzResourceGroup -Name $rgName -Location $location

Step 3: Create a Virtual Network (VNet)

If you don't already have a VNet, create one. The VPN gateway must be deployed into a subnet named exactly "GatewaySubnet"; do not place other resources in it.

$vnetName = "MyVNet"
$vnetAddressSpace = "10.1.0.0/16"
$subnetName = "Subnet"
$subnetPrefix = "10.1.1.0/24"
$gatewaySubnetPrefix = "10.1.255.0/27"

# Create the VNet
$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $location -AddressPrefix $vnetAddressSpace

# Add the default subnet
Add-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet -AddressPrefix $subnetPrefix

# Add the GatewaySubnet
Add-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet -AddressPrefix $gatewaySubnetPrefix

# Update the VNet with the new subnets and capture the result: the object returned by
# Set-AzVirtualNetwork carries the subnet resource IDs that Step 4 needs
$vnet = $vnet | Set-AzVirtualNetwork
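Before the VNet is written, it is worth checking the address plan offline: the GatewaySubnet must sit inside the VNet address space, must not overlap any other subnet, and Azure recommends /27 or larger (some configurations require it). The following helper is an added example, not part of the original article or the Az module; it needs no Azure connection and assumes only the $vnetAddressSpace, $subnetPrefix and $gatewaySubnetPrefix variables defined above. The function and parameter names are hypothetical.

```powershell
# Added example: validate the subnet plan from Step 3 before calling Set-AzVirtualNetwork.
# Pure PowerShell, no Azure calls. Helper names here are hypothetical.

function ConvertTo-IpNumber {
    # Turn a dotted IPv4 address into an unsigned integer (network byte order).
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    return ([uint64]$b[0] * 16777216) + ([uint64]$b[1] * 65536) + ([uint64]$b[2] * 256) + [uint64]$b[3]
}

function Get-IpRange {
    # Return the first and last address of a CIDR block as integers.
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr.Split('/')
    $prefixLength = [int]$parts[1]
    $size = [uint64][math]::Pow(2, 32 - $prefixLength)
    $start = ConvertTo-IpNumber $parts[0]
    $start = $start - ($start % $size)   # normalise to the network address
    return [pscustomobject]@{
        Cidr = $Cidr; PrefixLength = $prefixLength; Start = $start; End = $start + $size - 1
    }
}

function Test-GatewaySubnetPlan {
    # Returns a list of problems; an empty list means the plan is consistent.
    param(
        [Parameter(Mandatory)][string]$VNetAddressSpace,
        [Parameter(Mandatory)][string]$GatewaySubnetPrefix,
        [string[]]$OtherSubnetPrefixes = @()
    )
    $problems = @()
    $vnet = Get-IpRange $VNetAddressSpace
    $gw   = Get-IpRange $GatewaySubnetPrefix

    # Azure recommends /27 or larger for the GatewaySubnet; a larger prefix number is a smaller subnet.
    if ($gw.PrefixLength -gt 27) {
        $problems += "GatewaySubnet $GatewaySubnetPrefix is smaller than /27"
    }
    if ($gw.Start -lt $vnet.Start -or $gw.End -gt $vnet.End) {
        $problems += "GatewaySubnet $GatewaySubnetPrefix lies outside the VNet address space $VNetAddressSpace"
    }
    foreach ($other in $OtherSubnetPrefixes) {
        $o = Get-IpRange $other
        if ($gw.Start -le $o.End -and $o.Start -le $gw.End) {
            $problems += "GatewaySubnet $GatewaySubnetPrefix overlaps subnet $other"
        }
    }
    return ,$problems
}

# Usage with the values from Step 3 (these variables are assumed to be set already).
$issues = Test-GatewaySubnetPlan -VNetAddressSpace $vnetAddressSpace `
                                 -GatewaySubnetPrefix $gatewaySubnetPrefix `
                                 -OtherSubnetPrefixes @($subnetPrefix)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw "Fix the subnet plan before deploying the gateway"
}
```

With the article's values (10.1.0.0/16, 10.1.1.0/24, 10.1.255.0/27) the check passes silently; changing the gateway prefix to 10.1.255.0/28 or to 10.2.0.0/27 produces a warning and stops the script before anything is written to Azure.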

Step 4: Create the VPN Gateway

This step involves creating the public IP address for the gateway and then the VPN gateway itself. This process can take a significant amount of time (30-45 minutes or more).

# Re-read the VNet from Azure so the subnet objects carry their resource IDs,
# then get the GatewaySubnet
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$gatewaySubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# Create the public IP address for the VPN gateway
$publicIp = New-AzPublicIpAddress -Name "MyVpnGatewayIp" -ResourceGroupName $rgName -Location $location -AllocationMethod Dynamic

# Define the VPN gateway IP configuration
$gwIpConfig = New-AzVirtualNetworkGatewayIpConfig -Name "gwIpConfig" -SubnetId $gatewaySubnet.Id -PublicIpAddressId $publicIp.Id

# Create the virtual network gateway
$vpnGateway = New-AzVirtualNetworkGateway -Name "MyVpnGateway" -ResourceGroupName $rgName -Location $location -IpConfigurations $gwIpConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

Important

The creation of the VPN gateway is an asynchronous operation and can take a considerable amount of time. You can monitor the deployment progress in the Azure portal.

Step 5: Verify the Deployment

After the deployment is complete, you can verify the status of the VPN gateway.

Get-AzVirtualNetworkGateway -ResourceGroupName $rgName -Name "MyVpnGateway"

This command will return details about the newly created VPN gateway, including its provisioning state and IP configuration.
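Because gateway creation is asynchronous, a single Get-AzVirtualNetworkGateway call may show ProvisioningState as Updating rather than Succeeded. The script below is an added example, not part of the original article: it polls until provisioning finishes, then collects the facts the on-premises side will need (public IP, VPN type, SKU, gateway subnet). It uses only the Az.Network cmdlets already shown above plus Get-AzPublicIpAddress; the function name, the timeout values and the resource names from Steps 2 and 4 are assumptions.

```powershell
# Added example: wait for the gateway from Step 4 to finish provisioning and record
# its settings. Function and parameter names are hypothetical; the cmdlets are Az.Network.

function Wait-VpnGatewayProvisioned {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$Name,
        [int]$TimeoutMinutes = 60,
        [int]$PollSeconds = 60
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $gw = Get-AzVirtualNetworkGateway -ResourceGroupName $ResourceGroupName -Name $Name
        Write-Host ("{0}  {1}: {2}" -f (Get-Date -Format 'HH:mm:ss'), $Name, $gw.ProvisioningState)
        if ($gw.ProvisioningState -in @('Succeeded', 'Failed')) { break }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)

    if ($gw.ProvisioningState -ne 'Succeeded') {
        throw "Gateway '$Name' ended in state '$($gw.ProvisioningState)' after waiting up to $TimeoutMinutes minutes"
    }
    return $gw
}

$gw = Wait-VpnGatewayProvisioned -ResourceGroupName $rgName -Name "MyVpnGateway"

# With Dynamic allocation the public IP is only assigned once the gateway exists,
# so resolve it now from the gateway's IP configuration.
$pipName = ($gw.IpConfigurations[0].PublicIpAddress.Id -split '/')[-1]
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name $pipName

# Step 4 asked for a route-based gateway; flag any drift from that before building connections.
if ($gw.VpnType -ne 'RouteBased') {
    Write-Warning "Gateway $($gw.Name) is $($gw.VpnType), not RouteBased as intended in Step 4"
}

# Summary to keep on record and compare with the on-premises device configuration
[pscustomobject]@{
    Name          = $gw.Name
    GatewayType   = $gw.GatewayType
    VpnType       = $gw.VpnType
    Sku           = $gw.Sku.Name
    PublicIp      = $pip.IpAddress
    GatewaySubnet = ($gw.IpConfigurations[0].Subnet.Id -split '/')[-1]
    State         = $gw.ProvisioningState
}
```

If New-AzVirtualNetworkGateway in Step 4 was started with -AsJob so that the shell is not blocked for the whole deployment, this loop is the way to find out when the gateway is actually ready.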

You have now successfully created a VPN gateway for a Site-to-Site VPN connection using Azure Resource Manager PowerShell. The next steps would involve creating a connection object to link this VPN gateway to your on-premises VPN device or another Azure VNet.