Azure site-to-site (S2S) VPN configuration.

Create the resource group:
$Location = "CanadaCentral"
# Keep the name in $RG as a string; later commands pass it to -ResourceGroupName.
$RG = "resource-group-name"
New-AzResourceGroup -Name $RG -Location $Location
Create the subnets and virtual network. For VPN connections, the virtual network must contain a subnet named GatewaySubnet. This subnet contains two VMs that host the routing tables for connections to other networks, along with specific gateway services.
$subnet1 = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.1.255.0/27
$subnet2 = New-AzVirtualNetworkSubnetConfig -Name 'Frontend' -AddressPrefix 10.1.0.0/24
New-AzVirtualNetwork -Name "<vNet-name>" -ResourceGroupName $RG -Location $Location -AddressPrefix 10.1.0.0/16 -Subnet $subnet1, $subnet2
Set the static values required:
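$RiP = '<remote-public-IP>'
$rCIDR1 = '<remote/peer subnet CIDR>'
# Only needed when the remote side has more than one address prefix.
$rCIDR2 = '<second remote/peer subnet CIDR>'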
Create the local network gateway. This refers to your on-premises (or remote) network.
To add a local network gateway with a single address prefix:
$local = New-AzLocalNetworkGateway -Name "<local-network-gateway-name>" -ResourceGroupName $RG -Location $Location -GatewayIpAddress $RiP -AddressPrefix $rCIDR1
To add a local network gateway with multiple address prefixes:
$local = New-AzLocalNetworkGateway -Name "<local-network-gateway-name>" -ResourceGroupName $RG -Location $Location -GatewayIpAddress $RiP -AddressPrefix @($rCIDR1,$rCIDR2)
Request a public IP address:
$gwpip = New-AzPublicIpAddress -Name "<public-IP-name>" -ResourceGroupName $RG -Location $Location -AllocationMethod Dynamic
Create the gateway IP addressing configuration:
$vnet = Get-AzVirtualNetwork -Name "<vNet-name>" -ResourceGroupName $RG
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name "<gateway-IP-name>" -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id
Create the VPN gateway. This could take up to 45 minutes. Also, specify the appropriate VPN appliance SKU.
$gateway1 = New-AzVirtualNetworkGateway -Name "<VPN-GW-name>" -ResourceGroupName $RG -Location $Location -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1
View the public IP address assigned to the gateway:
Get-AzPublicIpAddress -Name "<public-IP-name>" -ResourceGroupName "<resource-group-name>"
The following sample script creates an IPsec/IKE policy with the following algorithms and parameters:
• IKEv2: AES256, SHA384, DHGroup14
• IPsec: AES256, SHA256, PFS None, SA Lifetime 28800 seconds and 102400000 KB
$ipsecpolicy6 = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup14 -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None -SALifeTimeSeconds 28800 -SADataSizeKilobytes 102400000
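Create the VPN connection. The shared key must match the key configured on the remote VPN device; 'abc123' below is a sample value, so substitute a long random key of your own: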
New-AzVirtualNetworkGatewayConnection -Name "<VPN-Connection-name>" -ResourceGroupName $RG -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -RoutingWeight 10 -IpsecPolicies $ipsecpolicy6 -SharedKey 'abc123'
Verify the VPN connection:
Get-AzVirtualNetworkGatewayConnection -Name "<VPN-Connection-name>" -ResourceGroupName $RG
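A check that can follow the verification step, added here as an example and not part of the original page: it compares the connection's status and applied IPsec/IKE policy with the values listed above and flags a short shared key. Test-S2SConnection, the 32-character minimum and the sample object are assumptions constructed for illustration; the property names are those of the object Get-AzVirtualNetworkGatewayConnection returns.

```powershell
# Added example. Test-S2SConnection is a hypothetical helper, not an Az cmdlet.
function Test-S2SConnection {
    param(
        [Parameter(Mandatory)] $Connection,                                 # connection object to inspect
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected,  # policy agreed with the peer
        [string] $SharedKey,                                                # optional key to sanity-check
        [int] $MinKeyLength = 32                                            # assumed minimum, adjust to policy
    )
    $findings = @()
    # The tunnel is only usable once the status reads 'Connected'.
    if ($Connection.ConnectionStatus -ne 'Connected') {
        $findings += "ConnectionStatus is '$($Connection.ConnectionStatus)', expected 'Connected'"
    }
    # With no custom policy attached, the connection is not using the values you specified.
    $policy = @($Connection.IpsecPolicies)[0]
    if ($null -eq $policy) {
        $findings += 'No custom IPsec/IKE policy is attached to the connection'
    } else {
        foreach ($name in $Expected.Keys) {
            if ("$($policy.$name)" -ne "$($Expected[$name])") {
                $findings += "$name is '$($policy.$name)', expected '$($Expected[$name])'"
            }
        }
    }
    if ($SharedKey -and $SharedKey.Length -lt $MinKeyLength) {
        $findings += "Shared key has $($SharedKey.Length) characters, fewer than $MinKeyLength"
    }
    $findings
}

# Policy values as listed in the text above.
$expected = [ordered]@{
    IkeEncryption   = 'AES256'; IkeIntegrity   = 'SHA384'; DhGroup  = 'DHGroup14'
    IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'; PfsGroup = 'None'
    SALifeTimeSeconds = 28800;  SADataSizeKilobytes = 102400000
}

# Constructed sample standing in for a live connection whose IKE integrity differs from the list.
$sample = [pscustomobject]@{
    ConnectionStatus = 'Connected'
    IpsecPolicies    = @([pscustomobject]@{
        IkeEncryption   = 'AES256'; IkeIntegrity   = 'SHA256'; DhGroup  = 'DHGroup14'
        IpsecEncryption = 'AES256'; IpsecIntegrity = 'SHA256'; PfsGroup = 'None'
        SALifeTimeSeconds = 28800;  SADataSizeKilobytes = 102400000
    })
}
# Live use: pass the output of Get-AzVirtualNetworkGatewayConnection -Name ... -ResourceGroupName $RG.
Test-S2SConnection -Connection $sample -Expected $expected -SharedKey 'abc123'
```

An empty result means the connection matches the expected policy; each returned string names one setting to correct on the Azure side or on the remote device.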