Azure v6.28.0, Oct 3 25

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

azure.network.getGatewayConnection

Start a Neo task

Explain and create an azure.network.getGatewayConnection resource

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.network.getGatewayConnection({
    name: "production",
    resourceGroupName: "networking",
});
export const virtualNetworkGatewayConnectionId = example.then(example => example.id);

import pulumi
import pulumi_azure as azure

example = azure.network.get_gateway_connection(name="production",
    resource_group_name="networking")
pulumi.export("virtualNetworkGatewayConnectionId", example.id)

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := network.GetGatewayConnection(ctx, &network.GetGatewayConnectionArgs{
			Name:              "production",
			ResourceGroupName: "networking",
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("virtualNetworkGatewayConnectionId", example.Id)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = Azure.Network.GetGatewayConnection.Invoke(new()
    {
        Name = "production",
        ResourceGroupName = "networking",
    });

    return new Dictionary<string, object?>
    {
        ["virtualNetworkGatewayConnectionId"] = example.Apply(getGatewayConnectionResult => getGatewayConnectionResult.Id),
    };
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.NetworkFunctions;
import com.pulumi.azure.network.inputs.GetGatewayConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = NetworkFunctions.getGatewayConnection(GetGatewayConnectionArgs.builder()
            .name("production")
            .resourceGroupName("networking")
            .build());

        ctx.export("virtualNetworkGatewayConnectionId", example.id());
    }
}

variables:
  example:
    fn::invoke:
      function: azure:network:getGatewayConnection
      arguments:
        name: production
        resourceGroupName: networking
outputs:
  virtualNetworkGatewayConnectionId: ${example.id}

API Providers

This data source uses the following Azure API Providers:

Microsoft.Network - 2024-05-01

Using getGatewayConnection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGatewayConnection(args: GetGatewayConnectionArgs, opts?: InvokeOptions): Promise<GetGatewayConnectionResult>
function getGatewayConnectionOutput(args: GetGatewayConnectionOutputArgs, opts?: InvokeOptions): Output<GetGatewayConnectionResult>

def get_gateway_connection(name: Optional[str] = None,
                           resource_group_name: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetGatewayConnectionResult
def get_gateway_connection_output(name: Optional[pulumi.Input[str]] = None,
                           resource_group_name: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetGatewayConnectionResult]

func GetGatewayConnection(ctx *Context, args *GetGatewayConnectionArgs, opts ...InvokeOption) (*GetGatewayConnectionResult, error)
func GetGatewayConnectionOutput(ctx *Context, args *GetGatewayConnectionOutputArgs, opts ...InvokeOption) GetGatewayConnectionResultOutput

> Note: This function is named GetGatewayConnection in the Go SDK.

public static class GetGatewayConnection 
{
    public static Task<GetGatewayConnectionResult> InvokeAsync(GetGatewayConnectionArgs args, InvokeOptions? opts = null)
    public static Output<GetGatewayConnectionResult> Invoke(GetGatewayConnectionInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetGatewayConnectionResult> getGatewayConnection(GetGatewayConnectionArgs args, InvokeOptions options)
public static Output<GetGatewayConnectionResult> getGatewayConnection(GetGatewayConnectionArgs args, InvokeOptions options)

fn::invoke:
  function: azure:network/getGatewayConnection:getGatewayConnection
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: Specifies the name of the Virtual Network Gateway Connection.
ResourceGroupName string: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

Name string: Specifies the name of the Virtual Network Gateway Connection.
ResourceGroupName string: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

name String: Specifies the name of the Virtual Network Gateway Connection.
resourceGroupName String: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

name string: Specifies the name of the Virtual Network Gateway Connection.
resourceGroupName string: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

name str: Specifies the name of the Virtual Network Gateway Connection.
resource_group_name str: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

name String: Specifies the name of the Virtual Network Gateway Connection.
resourceGroupName String: Specifies the name of the resource group the Virtual Network Gateway Connection is located in.

getGatewayConnection Result

The following output properties are available:

AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
ConnectionProtocol string
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds.
EgressBytesTransferred int
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection.
ExpressRouteCircuitId string: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
Id string: The provider-assigned unique ID for this managed resource.
IngressBytesTransferred int
IpsecPolicies List<GetGatewayConnectionIpsecPolicy>: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection.
LocalNetworkGatewayId string: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located.
Name string
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
PrivateLinkFastPathEnabled bool: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
ResourceGroupName string
ResourceGuid string
RoutingWeight int: The routing weight.
SharedKey string: The shared IPSec key.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
TrafficSelectorPolicies List<GetGatewayConnectionTrafficSelectorPolicy>: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection is created.

AuthorizationKey string: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
ConnectionProtocol string
DpdTimeoutSeconds int: The dead peer detection timeout of this connection in seconds.
EgressBytesTransferred int
EnableBgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection.
ExpressRouteCircuitId string: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
ExpressRouteGatewayBypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
Id string: The provider-assigned unique ID for this managed resource.
IngressBytesTransferred int
IpsecPolicies []GetGatewayConnectionIpsecPolicy: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
LocalAzureIpAddressEnabled bool: Use private local Azure IP for the connection.
LocalNetworkGatewayId string: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
Location string: The location/region where the connection is located.
Name string
PeerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
PrivateLinkFastPathEnabled bool: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
ResourceGroupName string
ResourceGuid string
RoutingWeight int: The routing weight.
SharedKey string: The shared IPSec key.
Tags map[string]string: A mapping of tags to assign to the resource.
TrafficSelectorPolicies []GetGatewayConnectionTrafficSelectorPolicy: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
Type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
UsePolicyBasedTrafficSelectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
VirtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection is created.

authorizationKey String: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
connectionProtocol String
dpdTimeoutSeconds Integer: The dead peer detection timeout of this connection in seconds.
egressBytesTransferred Integer
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection.
expressRouteCircuitId String: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
id String: The provider-assigned unique ID for this managed resource.
ingressBytesTransferred Integer
ipsecPolicies List<GetGatewayConnectionIpsecPolicy>: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection.
localNetworkGatewayId String: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located.
name String
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
privateLinkFastPathEnabled Boolean: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
resourceGroupName String
resourceGuid String
routingWeight Integer: The routing weight.
sharedKey String: The shared IPSec key.
tags Map<String,String>: A mapping of tags to assign to the resource.
trafficSelectorPolicies List<GetGatewayConnectionTrafficSelectorPolicy>: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection is created.

authorizationKey string: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
connectionProtocol string
dpdTimeoutSeconds number: The dead peer detection timeout of this connection in seconds.
egressBytesTransferred number
enableBgp boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection.
expressRouteCircuitId string: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
expressRouteGatewayBypass boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
id string: The provider-assigned unique ID for this managed resource.
ingressBytesTransferred number
ipsecPolicies GetGatewayConnectionIpsecPolicy[]: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled boolean: Use private local Azure IP for the connection.
localNetworkGatewayId string: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
location string: The location/region where the connection is located.
name string
peerVirtualNetworkGatewayId string: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
privateLinkFastPathEnabled boolean: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
resourceGroupName string
resourceGuid string
routingWeight number: The routing weight.
sharedKey string: The shared IPSec key.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
trafficSelectorPolicies GetGatewayConnectionTrafficSelectorPolicy[]: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type string: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
usePolicyBasedTrafficSelectors boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
virtualNetworkGatewayId string: The ID of the Virtual Network Gateway in which the connection is created.

authorization_key str: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
connection_protocol str
dpd_timeout_seconds int: The dead peer detection timeout of this connection in seconds.
egress_bytes_transferred int
enable_bgp bool: If true, BGP (Border Gateway Protocol) is enabled for this connection.
express_route_circuit_id str: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
express_route_gateway_bypass bool: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
id str: The provider-assigned unique ID for this managed resource.
ingress_bytes_transferred int
ipsec_policies Sequence[GetGatewayConnectionIpsecPolicy]: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
local_azure_ip_address_enabled bool: Use private local Azure IP for the connection.
local_network_gateway_id str: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
location str: The location/region where the connection is located.
name str
peer_virtual_network_gateway_id str: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
private_link_fast_path_enabled bool: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
resource_group_name str
resource_guid str
routing_weight int: The routing weight.
shared_key str: The shared IPSec key.
tags Mapping[str, str]: A mapping of tags to assign to the resource.
traffic_selector_policies Sequence[GetGatewayConnectionTrafficSelectorPolicy]: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type str: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
use_policy_based_traffic_selectors bool: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
virtual_network_gateway_id str: The ID of the Virtual Network Gateway in which the connection is created.

authorizationKey String: The authorization key associated with the Express Route Circuit. This field is present only if the type is an ExpressRoute connection.
connectionProtocol String
dpdTimeoutSeconds Number: The dead peer detection timeout of this connection in seconds.
egressBytesTransferred Number
enableBgp Boolean: If true, BGP (Border Gateway Protocol) is enabled for this connection.
expressRouteCircuitId String: The ID of the Express Route Circuit (i.e. when type is ExpressRoute).
expressRouteGatewayBypass Boolean: If true, data packets will bypass ExpressRoute Gateway for data forwarding. This is only valid for ExpressRoute connections.
id String: The provider-assigned unique ID for this managed resource.
ingressBytesTransferred Number
ipsecPolicies List<Property Map>: (Optional) A ipsec_policy block which is documented below. Only a single policy can be defined for a connection. For details on custom policies refer to the relevant section in the Azure documentation.
localAzureIpAddressEnabled Boolean: Use private local Azure IP for the connection.
localNetworkGatewayId String: The ID of the local network gateway when a Site-to-Site connection (i.e. when type is IPsec).
location String: The location/region where the connection is located.
name String
peerVirtualNetworkGatewayId String: The ID of the peer virtual network gateway when a VNet-to-VNet connection (i.e. when type is Vnet2Vnet).
privateLinkFastPathEnabled Boolean: If true, data packets will bypass the Express Route gateway when accessing private-links. This is only valid for ExpressRoute connections, on the conditions described in the relevant section in the Azure documentation
resourceGroupName String
resourceGuid String
routingWeight Number: The routing weight.
sharedKey String: The shared IPSec key.
tags Map<String>: A mapping of tags to assign to the resource.
trafficSelectorPolicies List<Property Map>: One or more traffic_selector_policy blocks which are documented below. A traffic_selector_policy allows to specify a traffic selector policy proposal to be used in a virtual network gateway connection. For details about traffic selectors refer to the relevant section in the Azure documentation.
type String: The type of connection. Valid options are IPsec (Site-to-Site), ExpressRoute (ExpressRoute), and Vnet2Vnet (VNet-to-VNet).
usePolicyBasedTrafficSelectors Boolean: If true, policy-based traffic selectors are enabled for this connection. Enabling policy-based traffic selectors requires an ipsec_policy block.
virtualNetworkGatewayId String: The ID of the Virtual Network Gateway in which the connection is created.

Supporting Types

GetGatewayConnectionIpsecPolicy

DhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
IkeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
IkeIntegrity string: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
IpsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
IpsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
PfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
SaDatasize int: The IPSec SA payload size in KB. Must be at least 1024 KB.
SaLifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

DhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
IkeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
IkeIntegrity string: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
IpsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
IpsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
PfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
SaDatasize int: The IPSec SA payload size in KB. Must be at least 1024 KB.
SaLifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

dhGroup String: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption String: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
ikeIntegrity String: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
ipsecEncryption String: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity String: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup String: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
saDatasize Integer: The IPSec SA payload size in KB. Must be at least 1024 KB.
saLifetime Integer: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

dhGroup string: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption string: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
ikeIntegrity string: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
ipsecEncryption string: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity string: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup string: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
saDatasize number: The IPSec SA payload size in KB. Must be at least 1024 KB.
saLifetime number: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

dh_group str: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ike_encryption str: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
ike_integrity str: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
ipsec_encryption str: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsec_integrity str: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfs_group str: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
sa_datasize int: The IPSec SA payload size in KB. Must be at least 1024 KB.
sa_lifetime int: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

dhGroup String: The DH group used in IKE phase 1 for initial SA. Valid options are DHGroup1, DHGroup14, DHGroup2, DHGroup2048, DHGroup24, ECP256, ECP384, or None.
ikeEncryption String: The IKE encryption algorithm. Valid options are AES128, AES192, AES256, DES, or DES3.
ikeIntegrity String: The IKE integrity algorithm. Valid options are MD5, SHA1, SHA256, or SHA384.
ipsecEncryption String: The IPSec encryption algorithm. Valid options are AES128, AES192, AES256, DES, DES3, GCMAES128, GCMAES192, GCMAES256, or None.
ipsecIntegrity String: The IPSec integrity algorithm. Valid options are GCMAES128, GCMAES192, GCMAES256, MD5, SHA1, or SHA256.
pfsGroup String: The DH group used in IKE phase 2 for new child SA. Valid options are ECP256, ECP384, PFS1, PFS2, PFS2048, PFS24, or None.
saDatasize Number: The IPSec SA payload size in KB. Must be at least 1024 KB.
saLifetime Number: The IPSec SA lifetime in seconds. Must be at least 300 seconds.

GetGatewayConnectionTrafficSelectorPolicy

LocalAddressCidrs List<string>: List of local CIDRs.
RemoteAddressCidrs List<string>: List of remote CIDRs.

LocalAddressCidrs []string: List of local CIDRs.
RemoteAddressCidrs []string: List of remote CIDRs.

localAddressCidrs List<String>: List of local CIDRs.
remoteAddressCidrs List<String>: List of remote CIDRs.

localAddressCidrs string[]: List of local CIDRs.
remoteAddressCidrs string[]: List of remote CIDRs.

local_address_cidrs Sequence[str]: List of local CIDRs.
remote_address_cidrs Sequence[str]: List of remote CIDRs.

localAddressCidrs List<String>: List of local CIDRs.
remoteAddressCidrs List<String>: List of remote CIDRs.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi

pulumi/pulumi-azure

azure.network.getGatewayConnection

On this page

On this page

Example Usage

API Providers

Using getGatewayConnection

getGatewayConnection Result

Supporting Types

GetGatewayConnectionIpsecPolicy

GetGatewayConnectionTrafficSelectorPolicy

Package Details

On this page

On this page