I have been playing with a virtual appliance firewall from Barracuda that is compatible with Azure. This device allows site-to-site VPNs to be created directly from this host to multiple places in the outside world.
What I was hoping to do was add a route on the hosts in my Azure Network that forwards x.x.x.0/24 (my on-premises network) to the virtual appliance firewall IP on Azure (part of the Azure network IP range).
I can create the route, but traffic never gets to the virtual appliance. I tried removing the default route completely (so no traffic can leave) and then just adding my one route; even in that case it doesn't work. I lastly tried setting the default route to be the IP of the virtual appliance; in this scenario no traffic reaches the virtual appliance, but I am able to access the web. I'm guessing MS is intercepting this traffic and changing the route. I even tried Wireshark and that doesn't see the packet.
Any thoughts?