Show config elements for existing S2S VPN

%3CLINGO-SUB%20id%3D%22lingo-sub-893910%22%20slang%3D%22en-US%22%3EShow%20config%20elements%20for%20existing%20S2S%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-893910%22%20slang%3D%22en-US%22%3E%3CP%3ESo%2C%20I'm%20painfully%20new%20to%20all%20things%20cloud.%26nbsp%3B%20%26nbsp%3B%20I'm%20trying%20to%20use%20Powershell%20AZ%20module%20to%20identify%20all%20the%20components%20of%20our%20Site%20to%20Site%20VPN%20connection%20from%20Azure%20to%20a%20partners%20OnPrem%20network.%26nbsp%3B%20I%20got%20it%20set%20up%20and%20functional%20the%20fly%20and%20did%20not%20have%20the%20visibility%20to%20document%20the%20steps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20use%20Powershell%20to%20view%20all%20of%20the%20parameters%20of%20the%20one%20S2S%20Connection%2C%20including%20IPSec%20(one%20part%20I%20havent%20found%20yet%2C%20there%20may%20be%20more).%26nbsp%3B%20Here%20is%20what%20I%20have%20so%20far%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGet-AzVirtualNetworkGateway%20-Name%20CNGName%20-ResourceGroupName%20RGName%3C%2FP%3E%3CP%3EGet-AzVirtualNetworkGatewayConnection%20-Name%20VNGConnName%20-ResourceGroupName%20RGName%3C%2FP%3E%3CP%3EGet-AzLocalNetworkGateway%20-Name%20LNGName%20-ResourceGroupName%20RGName%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20dont%20see%20the%20IPSec%20Policy%20components%3B%20how%20do%20I%20see%20those%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAm%20I%20missing%20anything%20else%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-893910%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ENetworking%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-896147%22%20slang%3D%22en-US%22%3ERe%3A%20Show%20config%20elements%20for%20existing%20S2S%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-896147%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20is%20what%20you%20are%20looking%20for.%20You%20can%20always%20download%20a%20generic%20configuration%20as%20well%20from%20the%20portal.%20You%20can%20use%20PowerShell%3CSPAN%3E%26nbsp%3B%20or%20CLI%20to%20change%20the%20configuration%20to%20different%20values%20than%20what%20is%20default.%20I%20will%20also%20attach%20the%20Microsoft%20Docs%20page%20that%20outlines%20this.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24RG%20%3D%20%22TestRG1%22%3CBR%20%2F%3E%24GWName%20%3D%20%22VNet1GW%22%3CBR%20%2F%3E%24Connection%20%3D%20%22VNet1toSite1%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%23%20List%20the%20available%20VPN%20device%20models%20and%20versions%3CBR%20%2F%3EGet-AzVirtualNetworkGatewaySupportedVpnDevice%20-Name%20%24GWName%20-ResourceGroupName%20%24RG%3C%2FP%3E%3CP%3E%23%20Download%20the%20configuration%20script%20for%20the%20connection%3CBR%20%2F%3EGet-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript%20-Name%20%24Connection%20-ResourceGroupName%20%24RG%20-DeviceVendor%20Juniper%20-DeviceFamily%20Juniper_SRX_GA%20-FirmwareVersion%20Juniper_SRX_12.x_GA%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDownload%20VPN%20device%20configuration%20scripts%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvpn-gateway%2Fvpn-gateway-download-vpndevicescript%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fvpn-gateway%2Fvpn-gateway-download-vpndevicescript%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F420230%22%20target%3D%22_blank%22%3E%40Per_Austreng%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

So, I'm painfully new to all things cloud.    I'm trying to use Powershell AZ module to identify all the components of our Site to Site VPN connection from Azure to a partners OnPrem network.  I got it set up and functional the fly and did not have the visibility to document the steps.

 

I'm trying to use Powershell to view all of the parameters of the one S2S Connection, including IPSec (one part I havent found yet, there may be more).  Here is what I have so far:

 

Get-AzVirtualNetworkGateway -Name CNGName -ResourceGroupName RGName

Get-AzVirtualNetworkGatewayConnection -Name VNGConnName -ResourceGroupName RGName

Get-AzLocalNetworkGateway -Name LNGName -ResourceGroupName RGName

 

I dont see the IPSec Policy components; how do I see those?  

 

Am I missing anything else?

 

1 Reply
Highlighted

This is what you are looking for. You can always download a generic configuration as well from the portal. You can use PowerShell  or CLI to change the configuration to different values than what is default. I will also attach the Microsoft Docs page that outlines this. 

 

$RG = "TestRG1"
$GWName = "VNet1GW"
$Connection = "VNet1toSite1"

 

# List the available VPN device models and versions
Get-AzVirtualNetworkGatewaySupportedVpnDevice -Name $GWName -ResourceGroupName $RG

# Download the configuration script for the connection
Get-AzVirtualNetworkGatewayConnectionVpnDeviceConfigScript -Name $Connection -ResourceGroupName $RG -DeviceVendor Juniper -DeviceFamily Juniper_SRX_GA -FirmwareVersion Juniper_SRX_12.x_GA

 

Download VPN device configuration scripts - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-download-vpndevicescript

 

 @Per_Austreng