We have a hybrid network, on-prem and Azure, connected with a site-to-site VPN. Both sides are MX100s, of course the vMX100 on the Azure side.
We have had VPN clients connecting to the on-prem MX100 for a few years now and everything works fine. They can access the network resources and get to the internet. They can even connect to the on-prem MX100 and access resources in Azure.
Recently, we have set up a vMX100 as the gateway in Azure. We are now trying to switch VPN users to hit the vMX100 instead of the on-prem one. All (except for 2 DCs) of our resources have been moved to Azure, so we want users to go to Azure first and remove the on-prem as a critical path to the production resources. However, when we connect to the vMX100, we can access all network resources, even get all the way back to the on-prem resources, but cannot get out to the internet.
I've matched the VPN settings on the vMX100 and the MX100. All the routes and network security groups look right. I'm lost. Any help is greatly appreciated.
Thanks for your reply. I believe you and it actually makes sense, but can you point me to any Microsoft document or article that talks about this? It will help me in presenting and explaining to the group when I tell them it can't be done.