azure-powershell icon indicating copy to clipboard operation
azure-powershell copied to clipboard
verified publisher icon Azure

New-AzIpsecPolicy is missing IkeEncryption optioion that is available in the portal

Open isteirikhovind opened this issue 1 month ago • 2 comments

Description

When using New-AzIpsecPolicy with -IkeEncryption does not allow all values that are reflected in the Azure Portal.

Allowed values in Azure Portal: IKE Phase 1: AES128, AES192, AES256, GCMAES128, GCMAES256 IKE Phase 2: DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256

Allowed values in powershell module: IKE Phase 1: DES, DES3, AES128, AES192, AES256 IKE Phase 2: None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256

As you can see, its missing some options. Can these be added to allow wanted creation?

Script or Debug output

$ipsecPolicy = New-AzIpsecPolicy `
     -DhGroup              "DHGroup24" `
     -IkeEncryption        "GCMAES256" `
     -IkeIntegrity         "SHA384" `
     -IpsecEncryption      "GCMAES256" `
     -IpsecIntegrity       "GCMAES256" `
     -PfsGroup             "PFS24" `
     -SADataSizeKilobytes  102400000 `
     -SALifeTimeSeconds    14400

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.3
PSEdition                      Core
GitCommitId                    7.5.3
OS                             Darwin 24.6.0 Darwin Kernel Version 24.6.0: Mon Aug 11 21:15:09 PDT 2…
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     7.23.1                Az.Network                          {Add-AzApplicationGatewayAuthen…

Error output

New-AzIpsecPolicy: 
Line |
   3 |      -IkeEncryption        "GCMAES256" `
     |                            ~~~~~~~~~~~
     | Cannot validate argument on parameter 'IkeEncryption'. The argument "GCMAES256" does not belong to the set "DES,DES3,AES128,AES192,AES256" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

isteirikhovind avatar Dec 01 '25 13:12 isteirikhovind

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

microsoft-github-policy-service[bot] avatar Dec 04 '25 01:12 microsoft-github-policy-service[bot]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

microsoft-github-policy-service[bot] avatar Dec 04 '25 01:12 microsoft-github-policy-service[bot]