Create a Site-to-Site VPN Gateway - PowerShell (Previous)
This document provides instructions for creating a Site-to-Site VPN gateway using PowerShell. This guide is intended for users who may be working with older versions of PowerShell or Azure resources.
Important Note
For the latest and recommended methods, please refer to the current Azure documentation. Features and cmdlets may have been updated or deprecated.
Prerequisites
- An Azure subscription.
- Azure PowerShell module installed and configured.
- A virtual network (VNet) in Azure.
- An on-premises network with a compatible VPN device.
- An Azure Storage Account (for logs, optional).
Steps to Create the VPN Gateway
Step 1: Sign in to Azure
Open PowerShell and connect to your Azure account:
Connect-AzAccount
If you have multiple subscriptions, select the one you want to use:
Set-AzContext -SubscriptionId "<your-subscription-id>"
Step 2: Define Variables
Set up variables for your resource names and locations. Replace the placeholder values with your actual information.
$resourceGroupName = "MyResourceGroup"
$location = "EastUS"
$vnetName = "MyVNet"
$gatewaySubnetName = "GatewaySubnet"
$gatewayName = "VNetGateway"
$gatewayAsn = 65515
$publicIpName = "VNetGatewayPublicIP"
$publicIp = New-AzPublicIpAddress -Name $publicIpName -ResourceGroupName $resourceGroupName -Location $location -AllocationMethod Dynamic
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroupName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $gatewaySubnetName -VirtualNetwork $vnet
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name "gwIpConfig" -SubnetId $subnet.Id -PublicIpAddressId $publicIp.Id
$gatewayType = "Vpn"
$vpnType = "RouteBased"
Step 3: Create the Virtual Network Gateway
This step provisions the VPN gateway. This process can take a significant amount of time (30-45 minutes or more).
$vnetGateway = New-AzVirtualNetworkGateway -Name $gatewayName -ResourceGroupName $resourceGroupName -Location $location -IpConfigurations $ipConfig -GatewayType $gatewayType -VpnType $vpnType -GatewaySku VpnGw1 -EnableBgp $false
Note: The GatewaySku parameter determines the performance and cost of your gateway. VpnGw1 is a common starting point. Adjust as needed.
Step 4: Verify Gateway Creation
Once the gateway is created, you can verify its status.
Get-AzVirtualNetworkGateway -Name $gatewayName -ResourceGroupName $resourceGroupName
Next Steps
After successfully creating the VPN gateway, you will typically proceed with the following:
- Create a local network gateway representing your on-premises network.
- Create a VPN connection between the Azure VNet gateway and the local network gateway.
- Configure your on-premises VPN device to establish the tunnel.
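The first two of these steps could look like the following. This is an added example, not part of the original article: the on-premises IP address, address prefix, resource names and the choice of IPsec/IKE algorithms are assumptions to replace with your own values.

```powershell
# Added example; not from the original article. All values below are placeholders.
$resourceGroupName = "MyResourceGroup"
$location          = "EastUS"
$gatewayName       = "VNetGateway"
$onPremPublicIp    = "203.0.113.10"      # assumed: public IP of the on-premises VPN device
$onPremPrefixes    = @("10.50.0.0/16")   # assumed: on-premises address space

# Generate a 256-bit pre-shared key from the OS CSPRNG instead of typing one.
$keyBytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($keyBytes)
$rng.Dispose()
$sharedKey = -join ($keyBytes | ForEach-Object { $_.ToString("x2") })

# Local network gateway: Azure's representation of the on-premises side.
$localGateway = New-AzLocalNetworkGateway -Name "OnPremGateway" `
    -ResourceGroupName $resourceGroupName -Location $location `
    -GatewayIpAddress $onPremPublicIp -AddressPrefix $onPremPrefixes

# Explicit IPsec/IKE policy so the tunnel does not fall back to a weaker proposal.
$ipsecPolicy = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA256 `
    -DhGroup DHGroup14 -IpsecEncryption AES256 -IpsecIntegrity SHA256 `
    -PfsGroup PFS2048 -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

$vnetGateway = Get-AzVirtualNetworkGateway -Name $gatewayName `
    -ResourceGroupName $resourceGroupName

New-AzVirtualNetworkGatewayConnection -Name "AzureToOnPrem" `
    -ResourceGroupName $resourceGroupName -Location $location `
    -VirtualNetworkGateway1 $vnetGateway -LocalNetworkGateway2 $localGateway `
    -ConnectionType IPsec -ConnectionProtocol IKEv2 `
    -SharedKey $sharedKey -IpsecPolicies $ipsecPolicy | Out-Null

# Confirm the policy was stored and check tunnel state. The on-premises device must be
# configured with the same key and proposal before the status reports Connected.
$connection = Get-AzVirtualNetworkGatewayConnection -Name "AzureToOnPrem" `
    -ResourceGroupName $resourceGroupName
$connection | Select-Object Name, ConnectionStatus
$connection.IpsecPolicies
```

The generated key stays in `$sharedKey` for the session; hand it to whoever configures the on-premises device through your secret store rather than echoing it to the console or a transcript.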
Tip: For troubleshooting, review gateway logs and connection status in the Azure portal or using PowerShell cmdlets like Get-AzVirtualNetworkGatewayConnection.
Important: This article uses PowerShell cmdlets that might be from an older version. Always ensure you are using the latest stable Azure PowerShell modules for optimal performance and security. If you encounter issues, consider upgrading your modules or referring to the latest documentation.