Skip to content

New-AzIpsecPolicy is missing IkeEncryption optioion that is available in the portal #28945

Open
Open
New-AzIpsecPolicy is missing IkeEncryption optioion that is available in the portal#28945
Labels
NetworkService AttentionThis issue is responsible by Azure service team.act-quality-productivity-squadcustomer-reportedfeature-requestThis issue requires a new behavior in the product in order be resolved.
@isteirikhovind

Description

@isteirikhovind
isteirikhovind
opened on Dec 1, 2025

Description

When using New-AzIpsecPolicy with -IkeEncryption does not allow all values that are reflected in the Azure Portal.

Allowed values in Azure Portal:
IKE Phase 1: AES128, AES192, AES256, GCMAES128, GCMAES256
IKE Phase 2: DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256

Allowed values in powershell module:
IKE Phase 1: DES, DES3, AES128, AES192, AES256
IKE Phase 2: None, DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256

As you can see, its missing some options. Can these be added to allow wanted creation?

Script or Debug output

$ipsecPolicy = New-AzIpsecPolicy `
     -DhGroup              "DHGroup24" `
     -IkeEncryption        "GCMAES256" `
     -IkeIntegrity         "SHA384" `
     -IpsecEncryption      "GCMAES256" `
     -IpsecIntegrity       "GCMAES256" `
     -PfsGroup             "PFS24" `
     -SADataSizeKilobytes  102400000 `
     -SALifeTimeSeconds    14400

Environment data

Name                           Value
----                           -----
PSVersion                      7.5.3
PSEdition                      Core
GitCommitId                    7.5.3
OS                             Darwin 24.6.0 Darwin Kernel Version 24.6.0: Mon Aug 11 21:15:09 PDT 2…
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     7.23.1                Az.Network                          {Add-AzApplicationGatewayAuthen

Error output

New-AzIpsecPolicy: 
Line |
   3 |      -IkeEncryption        "GCMAES256" `
     |                            ~~~~~~~~~~~
     | Cannot validate argument on parameter 'IkeEncryption'. The argument "GCMAES256" does not belong to the set "DES,DES3,AES128,AES192,AES256" specified by the ValidateSet attribute. Supply an argument that is in the set and then try the command again.

Metadata

Metadata

Assignees

No one assigned

    Labels

    NetworkService AttentionThis issue is responsible by Azure service team.act-quality-productivity-squadcustomer-reportedfeature-requestThis issue requires a new behavior in the product in order be resolved.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions