Azure S2S VNet VPN网关

Question

we have to setup one VNet Site to Site VPN gateway between:

VM Azure VNet <-> On premise Site.

At the end of azure gateway configuration we obtain a preshared key to be used in vpn on premise device configuration.

These device are not in our control, so we have asked an other preshared key that we want to set up on azure gateway.

It's possible do it by web portal? and by power-shell? How?

Thanks in advance, Regards

PS: where i can found a complete guide of powershell commands to manipulate the VPN gateway?

Answer 1

For the "Classic" ASM stack ("Classic" VNET) i'm not aware of an API that would allow you to modify the pre-shared key on the Azure Gateway.

For ARM, the hint is in Step 8 ( -SharedKey parameter) https://azure.microsoft.com/en-in/documentation/articles/vpn-gateway-create-site-to-site-rm-powershell/

Create the VPN connection

Next, you'll create the Site-to-Site VPN connection between your virtual network gateway and your VPN device. Be sure to replace the values with your own. The shared key must match the value you used for your VPN device configuration. Note that the -ConnectionType for Site-to-Site is IPsec.

$gateway1 = Get-AzureRmVirtualNetworkGateway -Name vnetgw1 -ResourceGroupName testrg
$local = Get-AzureRmLocalNetworkGateway -Name LocalSite -ResourceGroupName testrg

New-AzureRmVirtualNetworkGatewayConnection -Name localtovon `
                                           -ResourceGroupName testrg `
                                           -Location 'West US' `
                                           -VirtualNetworkGateway1 $gateway1 `
                                           -LocalNetworkGateway2 $local `
                                           -ConnectionType IPsec `
                                           -RoutingWeight 10 `
                                           -SharedKey 'abc123'

NOTE

You don't have to use PowerShell to create the ARM Gateway. You can now do that using the Portal UI. You'll be presented with a pre-shared key input box when following the New "Connection" wizard. So first you create the Gateway and then the Site-to-site "Connection".

If you already have the ARM Virtual Network Gateway created, just go to https://resources.azure.com/ type in the name of the Site-to-Site "Connection" in the search box, look for the key in the JSON representation, edit, replace and save. Wait a few minutes for the Gateway to pick up the new key and you're done.

To answer your last question:

where i can found a complete guide of powershell commands to manipulate the VPN gateway?

Resource Explorer ( https://resources.azure.com ) has a neat way of exploring that -- check out its PowerShell tab while browsing through the resources.