Thanks guys @PhilipDAth @jhoney12 @BlakeRichardson @alemabrahao for your suggestion. It has been rectified. problem was the service provider was managing both express route circuit(Azure) and newly deployed FW, and they diverted all default route from express route circuit to the FW, due to which the vMX appliance got the public ip of FW. default route was removed and vMX got actual IP(Azure provided at VMX interface) and the Client VPN gateway has started to work. It can be done by the FW IP,but that was not intended to do config in FW for this solution(managing certificates,DNS records etc)
... View more
