Bicep file for S2S VPN between 2 VNets in different regions.
// ---- Deployment inputs ----

// Region for the first VNet and gateway (the '*-sea01' resources).
param primary_region string = 'southeastasia'

// Region for the second VNet and gateway (the '*-ea01' resources).
param secondary_region string = 'eastasia'

// IPsec pre-shared key; both connection resources in this file use it, and the
// two ends must match. @secure() keeps the value out of deployment logs and
// deployment history, but it does not protect the key where it originates:
// supply it from a Key Vault reference in the parameters file or an
// interactive prompt, not from a literal in a committed file or shell history.
// No length or complexity is enforced here, so use a long random value.
@secure()
param psk string
// First virtual network (10.0.0.0/16), placed in the primary region.
// NOTE(review): no networkSecurityGroup is attached to the 'default' workload
// subnet in this template, so traffic arriving over the tunnel is not filtered
// here. Associate an NSG if the remote prefix should not reach everything.
resource vnet01 'Microsoft.Network/virtualNetworks@2021-08-01' = {
  location: primary_region
  name: 'vnet-sea01'
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        // Workload subnet.
        name: 'default'
        properties: {
          addressPrefix: '10.0.0.0/24'
        }
      }
      {
        // The name is mandated by Azure: a virtual network gateway can only
        // live in a subnet called 'GatewaySubnet'.
        name: 'GatewaySubnet'
        properties: {
          addressPrefix: '10.0.200.0/24'
        }
      }
    ]
  }
}
// Reference to the GatewaySubnet that vnet01 declares inline. 'existing' means
// this declaration deploys nothing; it only exposes the subnet's resource id
// for the gateway ipConfiguration.
resource gatewaysubnet_vnet01 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
  name: 'GatewaySubnet'
  parent: vnet01
}
// Public IPv4 address of the primary VPN gateway: Standard SKU, static
// allocation, spread over zones 1-3. This is the internet-facing IKE/IPsec
// endpoint, and lng02 hands its address to the other side as the peer IP.
resource pip_gwsub01 'Microsoft.Network/publicIPAddresses@2021-08-01' = {
  name: 'pip-vpngw-sea01'
  location: primary_region
  zones: [
    '1'
    '2'
    '3'
  ]
  sku: {
    name: 'Standard'
    tier: 'Regional'
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    // Static so the peer address configured in lng02 stays stable.
    publicIPAllocationMethod: 'Static'
  }
}
// Route-based VPN gateway for vnet01 (SKU VpnGw1AZ). It terminates the
// site-to-site tunnel described by connection01. Unlike vpngw02, it carries
// no point-to-site (vpnClientConfiguration) settings.
resource vpngw01 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = {
  name: 'vpngw-sea01'
  location: primary_region
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    sku: {
      name: 'VpnGw1AZ'
      tier: 'VpnGw1AZ'
    }
    ipConfigurations: [
      {
        name: 'default'
        properties: {
          // Gateway must sit in vnet01's GatewaySubnet.
          subnet: {
            id: gatewaysubnet_vnet01.id
          }
          // Internet-facing tunnel endpoint.
          publicIPAddress: {
            id: pip_gwsub01.id
          }
        }
      }
    ]
  }
}
// Local network gateway: the primary side's description of its remote peer.
// It records the peer's public IP (the secondary gateway's address) and the
// prefixes that are routed into the tunnel.
resource lng01 'Microsoft.Network/localNetworkGateways@2021-08-01' = {
  name: 'lng-ea01'
  location: primary_region
  properties: {
    // Every prefix listed here becomes reachable across the tunnel, so keep
    // the list as narrow as the design allows. It currently equals vnet02's
    // whole address space.
    localNetworkAddressSpace: {
      addressPrefixes: [
        '10.10.0.0/16'
      ]
    }
    // Only this address is accepted as the IKE peer for connection01.
    gatewayIpAddress: pip_gwsub02.properties.ipAddress
  }
}
// Site-to-site IPsec connection from vpngw01 to the peer described by lng01.
// NOTE(review): no ipsecPolicies are set, so the gateway negotiates from
// Azure's default proposal list. If your baseline mandates specific IKE/ESP
// algorithms, pin them with ipsecPolicies. Confirm against the current Azure
// defaults.
resource connection01 'Microsoft.Network/connections@2021-08-01' = {
  name: 'conn-sea01'
  location: primary_region
  properties: {
    connectionType: 'IPsec'
    connectionProtocol: 'IKEv2'
    virtualNetworkGateway1: {
      id: vpngw01.id
    }
    localNetworkGateway2: {
      id: lng01.id
    }
    // Pre-shared key from the @secure() parameter; connection02 must use the
    // same value or IKE authentication fails.
    sharedKey: psk
  }
}
// Second virtual network (10.10.0.0/16), placed in the secondary region. Its
// address space does not overlap with vnet01's 10.0.0.0/16.
// NOTE(review): no networkSecurityGroup is attached to the 'default' workload
// subnet in this template, so traffic arriving over the site-to-site tunnel
// or from point-to-site clients is not filtered here.
resource vnet02 'Microsoft.Network/virtualNetworks@2021-08-01' = {
  location: secondary_region
  name: 'vnet-ea01'
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.10.0.0/16'
      ]
    }
    subnets: [
      {
        // Workload subnet.
        name: 'default'
        properties: {
          addressPrefix: '10.10.0.0/24'
        }
      }
      {
        // The name is mandated by Azure: a virtual network gateway can only
        // live in a subnet called 'GatewaySubnet'.
        name: 'GatewaySubnet'
        properties: {
          addressPrefix: '10.10.200.0/24'
        }
      }
    ]
  }
}
// Reference to the GatewaySubnet that vnet02 declares inline. 'existing' means
// this declaration deploys nothing; it only exposes the subnet's resource id
// for the gateway ipConfiguration.
resource gatewaysubnet_vnet02 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
  name: 'GatewaySubnet'
  parent: vnet02
}
// Public IPv4 address of the secondary VPN gateway: Standard SKU, static
// allocation, spread over zones 1-3. This is the internet-facing IKE/IPsec
// endpoint, and lng01 hands its address to the other side as the peer IP.
resource pip_gwsub02 'Microsoft.Network/publicIPAddresses@2021-08-01' = {
  name: 'pip-vpngw-ea01'
  location: secondary_region
  zones: [
    '1'
    '2'
    '3'
  ]
  sku: {
    name: 'Standard'
    tier: 'Regional'
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    // Static so the peer address configured in lng01 stays stable.
    publicIPAllocationMethod: 'Static'
  }
}
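// Base64 body of the point-to-site root certificate, PUBLIC part only (no
// BEGIN/END lines). It is not a secret, so it is not marked @secure(). The
// matching private key must never be placed in a template or parameters file.
// The default '' reproduces the original hard-coded placeholder.
// NOTE(review): an empty value is presumably rejected by Azure or leaves
// point-to-site unusable. Pass the real certificate data at deployment time.
param p2s_root_cert_data string = ''

// Route-based VPN gateway for vnet02 (SKU VpnGw1AZ). It terminates the
// site-to-site tunnel described by connection02. It also accepts
// point-to-site IKEv2 clients that authenticate with certificates chained to
// the root certificate below.
resource vpngw02 'Microsoft.Network/virtualNetworkGateways@2021-08-01' = {
  name: 'vpngw-ea01'
  location: secondary_region
  properties: {
    gatewayType: 'Vpn'
    vpnType: 'RouteBased'
    sku: {
      name: 'VpnGw1AZ'
      tier: 'VpnGw1AZ'
    }
    ipConfigurations: [
      {
        name: 'default'
        properties: {
          // Gateway must sit in vnet02's GatewaySubnet.
          subnet: {
            id: gatewaysubnet_vnet02.id
          }
          // Internet-facing tunnel endpoint.
          publicIPAddress: {
            id: pip_gwsub02.id
          }
        }
      }
    ]
    vpnClientConfiguration: {
      // Addresses handed to point-to-site clients. The pool overlaps with
      // neither VNet's address space.
      vpnClientAddressPool: {
        addressPrefixes: [
          '192.168.10.0/24'
        ]
      }
      vpnClientProtocols: [
        'IkeV2'
      ]
      // Trust anchor for client-certificate authentication: any client
      // certificate issued under this root is accepted, so guard the root's
      // private key. Individual client certificates can be blocked through
      // the gateway's revoked-certificate list (not configured here).
      vpnClientRootCertificates: [
        {
          name: 'p2srootcert_20220630'
          properties: {
            publicCertData: p2s_root_cert_data
          }
        }
      ]
    }
  }
}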
// Local network gateway: the secondary side's description of its remote peer.
// It records the peer's public IP (the primary gateway's address) and the
// prefixes that are routed into the tunnel.
resource lng02 'Microsoft.Network/localNetworkGateways@2021-08-01' = {
  name: 'lng-sea01'
  location: secondary_region
  properties: {
    // Every prefix listed here becomes reachable across the tunnel, so keep
    // the list as narrow as the design allows. It currently equals vnet01's
    // whole address space.
    localNetworkAddressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    // Only this address is accepted as the IKE peer for connection02.
    gatewayIpAddress: pip_gwsub01.properties.ipAddress
  }
}
// Site-to-site IPsec connection from vpngw02 to the peer described by lng02.
// It is the mirror image of connection01.
// NOTE(review): no ipsecPolicies are set, so the gateway negotiates from
// Azure's default proposal list. If your baseline mandates specific IKE/ESP
// algorithms, pin them with ipsecPolicies. Confirm against the current Azure
// defaults.
resource connection02 'Microsoft.Network/connections@2021-08-01' = {
  name: 'conn-ea01'
  location: secondary_region
  properties: {
    connectionType: 'IPsec'
    connectionProtocol: 'IKEv2'
    virtualNetworkGateway1: {
      id: vpngw02.id
    }
    localNetworkGateway2: {
      id: lng02.id
    }
    // Pre-shared key from the @secure() parameter; connection01 must use the
    // same value or IKE authentication fails.
    sharedKey: psk
  }
}