Connecting on-premises equipment to Azure is a very easy task when using IPSEC VPNs. This allows the on-premises equipment to access a VNet in Azure and allows VMs in that VNet to access the local network through the tunnel.
In some cases, this on-premises equipment could be a telecom provider, and the "on-premises equipment" consists of a number of remote terminal units connected to the telecom provider via a private GPRS network. The telco's side of the IPSEC tunnel would then have an ACL of 0.0.0.0/0 in the direction of Azure, which effectively sends any non-local IP packets generated by the terminal units to Azure. The problem is that Azure only handles IP packets to and from the VNet, and thus cannot handle Internet requests from the remote terminal units.
Is there any way to solve this without having to set up our own Linux VM as the IPSEC peer instead of using the Azure VNet Gateways?