Delete a virtual network gateway using PowerShell
There are a couple of different approaches you can take when you want to delete a virtual network gateway for a VPN gateway configuration.
If you want to delete everything and start over, as in the case of a test environment, you can delete the resource group. When you delete a resource group, it deletes all the resources within the group. This is method is only recommended if you don't want to keep any of the resources in the resource group. You can't selectively delete only a few resources using this approach.
If you want to keep some of the resources in your resource group, deleting a virtual network gateway becomes slightly more complicated. Before you can delete the virtual network gateway, you must first delete any resources that are dependent on the gateway. The steps you follow depend on the type of connections that you created and the dependent resources for each connection.
Delete a site-to-site VPN gateway
To delete a virtual network gateway for a S2S configuration, you must first delete each resource that pertains to the virtual network gateway. Resources must be deleted in a certain order due to dependencies. In the following examples, some of the values must be specified, while other values are an output result. We use the following specific values in the examples for demonstration purposes:
- VNet name: VNet1
- Resource Group name: TestRG1
- Virtual network gateway name: VNet1GW
Get the virtual network gateway that you want to delete.
$GW=get-Azvirtualnetworkgateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
Check to see if the virtual network gateway has any connections.
get-Azvirtualnetworkgatewayconnection -ResourceGroupName "TestRG1" | where-object {$_.VirtualNetworkGateway1.Id -eq $GW.Id} $Conns=get-Azvirtualnetworkgatewayconnection -ResourceGroupName "TestRG1" | where-object {$_.VirtualNetworkGateway1.Id -eq $GW.Id}
Delete all connections. You may be prompted to confirm the deletion of each of the connections.
$Conns | ForEach-Object {Remove-AzVirtualNetworkGatewayConnection -Name $_.name -ResourceGroupName $_.ResourceGroupName}
Delete the virtual network gateway. You may be prompted to confirm the deletion of the gateway. If you have a P2S configuration to this VNet in addition to your S2S configuration, deleting the virtual network gateway will automatically disconnect all P2S clients without warning.
Remove-AzVirtualNetworkGateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
At this point, your virtual network gateway has been deleted. You can use the next steps to delete any resources that are no longer being used.
To delete the local network gateways, first get the list of the corresponding local network gateways.
$LNG=Get-AzLocalNetworkGateway -ResourceGroupName "TestRG1" | where-object {$_.Id -In $Conns.LocalNetworkGateway2.Id}
Next, delete the local network gateways. You may be prompted to confirm the deletion of each of the local network gateway.
$LNG | ForEach-Object {Remove-AzLocalNetworkGateway -Name $_.Name -ResourceGroupName $_.ResourceGroupName}
To delete the Public IP address resources, first get the IP configurations of the virtual network gateway.
$GWIpConfigs = $Gateway.IpConfigurations
Next, get the list of Public IP address resources used for this virtual network gateway. If the virtual network gateway was active-active, you'll see two Public IP addresses.
$PubIP=Get-AzPublicIpAddress | where-object {$_.Id -In $GWIpConfigs.PublicIpAddress.Id}
Delete the Public IP resources.
$PubIP | foreach-object {remove-AzpublicIpAddress -Name $_.Name -ResourceGroupName "TestRG1"}
Delete the gateway subnet and set the configuration.
$GWSub = Get-AzVirtualNetwork -ResourceGroupName "TestRG1" -Name "VNet1" | Remove-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" Set-AzVirtualNetwork -VirtualNetwork $GWSub
Delete a VNet-to-VNet VPN gateway
To delete a virtual network gateway for a V2V configuration, you must first delete each resource that pertains to the virtual network gateway. Resources must be deleted in a certain order due to dependencies. In the following examples, some of the values must be specified, while other values are an output result. We use the following specific values in the examples for demonstration purposes:
- VNet name: VNet1
- Resource Group name: TestRG1
- Virtual network gateway name: VNet1GW
Get the virtual network gateway that you want to delete.
$GW=get-Azvirtualnetworkgateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
Check to see if the virtual network gateway has any connections.
get-Azvirtualnetworkgatewayconnection -ResourceGroupName "TestRG1" | where-object {$_.VirtualNetworkGateway1.Id -eq $GW.Id}
There may be other connections to the virtual network gateway that are part of a different resource group. Check for additional connections in each additional resource group. In this example, we're checking for connections from RG2. Run this for each resource group that you have which may have a connection to the virtual network gateway.
get-Azvirtualnetworkgatewayconnection -ResourceGroupName "RG2" | where-object {$_.VirtualNetworkGateway2.Id -eq $GW.Id}
Get the list of connections in both directions. Because this is a VNet-to-VNet configuration, you need the list of connections in both directions.
$ConnsL=get-Azvirtualnetworkgatewayconnection -ResourceGroupName "TestRG1" | where-object {$_.VirtualNetworkGateway1.Id -eq $GW.Id}
In this example, we're checking for connections from RG2. Run this for each resource group that you have which may have a connection to the virtual network gateway.
$ConnsR=get-Azvirtualnetworkgatewayconnection -ResourceGroupName "<NameOfResourceGroup2>" | where-object {$_.VirtualNetworkGateway2.Id -eq $GW.Id}
Delete all connections. You may be prompted to confirm the deletion of each of the connections.
$ConnsL | ForEach-Object {Remove-AzVirtualNetworkGatewayConnection -Name $_.name -ResourceGroupName $_.ResourceGroupName} $ConnsR | ForEach-Object {Remove-AzVirtualNetworkGatewayConnection -Name $_.name -ResourceGroupName $_.ResourceGroupName}
Delete the virtual network gateway. You may be prompted to confirm the deletion of the virtual network gateway. If you have P2S configurations to your VNets in addition to your V2V configuration, deleting the virtual network gateways will automatically disconnect all P2S clients without warning.
Remove-AzVirtualNetworkGateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
At this point, your virtual network gateway has been deleted. You can use the next steps to delete any resources that are no longer being used.
To delete the Public IP address resources, get the IP configurations of the virtual network gateway.
$GWIpConfigs = $Gateway.IpConfigurations
Next, get the list of Public IP address resources used for this virtual network gateway. If the virtual network gateway was active-active, you'll see two Public IP addresses.
$PubIP=Get-AzPublicIpAddress | where-object {$_.Id -In $GWIpConfigs.PublicIpAddress.Id}
Delete the Public IP resources. You may be prompted to confirm the deletion of the Public IP.
$PubIP | foreach-object {remove-AzpublicIpAddress -Name $_.Name -ResourceGroupName "<NameOfResourceGroup1>"}
Delete the gateway subnet and set the configuration.
$GWSub = Get-AzVirtualNetwork -ResourceGroupName "TestRG1" -Name "VNet1" | Remove-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" Set-AzVirtualNetwork -VirtualNetwork $GWSub
Delete a point-to-site VPN gateway
To delete a virtual network gateway for a P2S configuration, you must first delete each resource that pertains to the virtual network gateway. Resources must be deleted in a certain order due to dependencies. When you work with the examples below, some of the values must be specified, while other values are an output result. We use the following specific values in the examples for demonstration purposes:
- VNet name: VNet1
- Resource Group name: TestRG1
- Virtual network gateway name: VNet1GW
Note
When you delete the VPN gateway, all connected clients will be disconnected from the VNet without warning.
Get the virtual network gateway that you want to delete.
GW=get-Azvirtualnetworkgateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
Delete the virtual network gateway. You may be prompted to confirm the deletion of the virtual network gateway.
Remove-AzVirtualNetworkGateway -Name "VNet1GW" -ResourceGroupName "TestRG1"
At this point, your virtual network gateway has been deleted. You can use the next steps to delete any resources that are no longer being used.
To delete the Public IP address resources, first get the IP configurations of the virtual network gateway.
$GWIpConfigs = $Gateway.IpConfigurations
Next, get the list of Public IP addresses used for this virtual network gateway. If the virtual network gateway was active-active, you'll see two Public IP addresses.
$PubIP=Get-AzPublicIpAddress | where-object {$_.Id -In $GWIpConfigs.PublicIpAddress.Id}
Delete the Public IPs. You may be prompted to confirm the deletion of the Public IP.
$PubIP | foreach-object {remove-AzpublicIpAddress -Name $_.Name -ResourceGroupName "<NameOfResourceGroup1>"}
Delete the gateway subnet and set the configuration.
$GWSub = Get-AzVirtualNetwork -ResourceGroupName "TestRG1" -Name "VNet1" | Remove-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" Set-AzVirtualNetwork -VirtualNetwork $GWSub
Delete a VPN gateway by deleting the resource group
If you aren't concerned about keeping any of your resources in the resource group and you just want to start over, you can delete an entire resource group. This is a quick way to remove everything.
Get a list of all the resource groups in your subscription.
Get-AzResourceGroup
Locate the resource group that you want to delete.
Locate the resource group that you want to delete and view the list of resources in that resource group. In the example, the name of the resource group is TestRG1. Modify the example to retrieve a list of all the resources.
Find-AzResource -ResourceGroupNameContains TestRG1
Verify the resources in the list.
When the list is returned, review it to verify that you want to delete all the resources in the resource group, and the resource group itself. If you want to keep some of the resources in the resource group, use the steps in the earlier sections of this article to delete your gateway.
Delete the resource group and resources. To delete the resource group and all the resource contained in the resource group, modify the example and run.
Remove-AzResourceGroup -Name TestRG1
Check the status. It takes some time for Azure to delete all the resources. You can check the status of your resource group by using this cmdlet.
Get-AzResourceGroup -ResourceGroupName TestRG1
The result that is returned shows 'Succeeded'.
ResourceGroupName : TestRG1 Location : chinaeast2 ProvisioningState : Succeeded
Next steps
For FAQ information, see the Azure VPN Gateway FAQ.