How does New-AzIpsecTrafficSelectorPolicy exactly work for route-based VPN in Azure?

Hi all,
 
We've got a route-based VPN. A customer of ours has a policy-based VPN.
You can now configure your Route-based VPN to also accept Policy-based:
In the example they only use one -switch though:
New-AzVirtualNetworkGatewayConnection -Name $Connection16 -ResourceGroupName $RG1 -VirtualNetworkGateway1 $vnet1gw -LocalNetworkGateway2 $lng6 -Location $Location1 -ConnectionType IPsec -UsePolicyBasedTrafficSelectors $True -IpsecPolicies $ipsecpolicy6 -SharedKey 'AzureA1b2C3'
 
-UsePolicyBasedTrafficSelectors $true: this will send all your subnets over the VPN tunnel, including peerings etc. This is not what we want, so I tried it with New-AzIpsecTrafficSelectorPolicy.
 
Unfortunately, there is little to no information about New-AzIpsecTrafficSelectorPolicy:
When I implement it like this:
 
$IPTSP = New-AzIpsecTrafficSelectorPolicy -LocalAddressRange ("10.20.1.0/24", "10.20.0.0/24")  -RemoteAddressRange ('10.235.197.0/27','10.235.197.32/27','10.235.199.0/27','10.235.199.32/27')
It will send all remote addresses at once over the tunnel. Is this the way to go then?:
$IPTSP = New-AzIpsecTrafficSelectorPolicy -LocalAddressRange ("10.20.1.0/24","10.20.1.0/24","10.20.1.0/24","10.20.1.0/24", "10.20.0.0/24", "10.20.0.0/24", "10.20.0.0/24", "10.20.0.0/24")  -RemoteAddressRange ('10.235.197.0/27','10.235.197.32/27','10.235.199.0/27','10.235.199.32/27','10.235.197.0/27','10.235.197.32/27','10.235.199.0/27','10.235.199.32/27')
Is there someone more familiar with this cmdlet who can help me?
0 Replies