Hello,
I have recently set up a site-to-site VPN using an ASR router to the Azure cloud. The tunnel establishes but it seems to not be able to pass data inbound to my VMs. The data appears to be blocked inbound somewhere. Neither ICMP nor RDP works over the tunnel. I have deleted/added the gateway, created a new VM, deleted/added a virtual network but nothing changes.
Packets are making it from the VM, over the tunnel and to my test machine. The test machine responds but those responses do not make it back to the VM. This I have checked with a packet capture on both the test machine and the VM. A packet capture on the test machine shows packets from the VM and the response from the desktop. A packet capture on the VM, however, shows nothing arriving from the test machine. I have checked routing, which looks fine. The encrypted packet counter on "show crypto ipsec sa peer x.x.x.x" is incrementing. The session shows as "UP-ACTIVE" on the router. I have tried modifying the ACL on the endpoints with no success either. I can access the VM over the internet without issue, just not the tunnel.