Azure VPN Routing – Point-to-Site Then Site-to-Site Configuration

Tags: azure, gateway, routing, vpn

I did have a good hunt around for a similar post but couldn't find the same scenario. I am trying to connect to a 3rd party URL from an on-prem machine, through Azure. So:

on-prem -> (point-to-site) -> Azure VPN Gateway -> (site-to-site) -> 3rd party URL

  • Point to site address space: 172.16.0.0/24
  • Azure vnet address space: 10.3.0.0/16
  • 3rd party address space: 10.100.0.0/16

I have put a VM in the Azure network as a middleman for testing, and I can connect from on-prem to the VM, and from the VM to the 3rd party site; however, for some reason I can't get all the way through. The weirdest part is that the 3rd party IP resolves correctly from the hostname; I just can't connect to the URL (it's HTTPS/443 if that matters). If I run a tracert from on-prem I can see that 'tracert VM' first hop goes straight to the VPN gateway, however 'tracert 3rdparty' goes to my router -> ISP -> fail, so it seems my routing is messed up somehow.

I would have thought this would be pretty standard routing for the VPN gateway, but hopefully there's a way to make this work as it's vital to the project I'm working on. I'm happy to try custom routes, or whatever it takes. Appreciate any suggestions.

Best Answer

Thanks for the replies. After playing around a bit and some help from Microsoft support, apparently what I had to do was enable BGP on both gateways (Azure and 3rd party), and add a custom route on my on-prem machine.

To add the custom route, after downloading the VPN client from the Azure portal from the VPN Gateway blade and unzipping and installing, edit the routes.txt file %AppData%\Microsoft\Network\Connections\Cm\yourGuid\routes.txt. Add a route to the 3rd party network address space (in my case 10.100.0.0/16) that goes through the Azure router (10.3.200.5).

In our case we also wanted Azure web apps to be able to do the same thing through integrating with the VNet, in which case we also had to uncheck the 'IKEv2 VPN' checkbox in the Azure gateway point-to-site blade.
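The symptom in the question (tracert to the 3rd party leaving via the local router and ISP instead of the VPN) is what you see when the P2S client has installed routes for the VNet but nothing covering the site-to-site network. The following is an added example, not code from the post or from Microsoft: a small checker that parses the ADD lines of a client routes.txt, does a longest-prefix match for a destination, reports which required address spaces are not covered, and renders the missing ADD line. The "ADD <network> MASK <mask> default METRIC default IF default" line shape, the function names and the sample file contents are assumptions I made for the example; the three address spaces and the 10.3.200.5 address come from the question and answer.

```python
import ipaddress
import re

# Address spaces taken from the question.
P2S_POOL = ipaddress.ip_network("172.16.0.0/24")
AZURE_VNET = ipaddress.ip_network("10.3.0.0/16")
THIRD_PARTY = ipaddress.ip_network("10.100.0.0/16")

# Constructed sample of a P2S client routes.txt before the fix: it routes the
# VNet and the client pool, but not the site-to-site network. The
# "ADD ... MASK ..." line shape is an assumption; compare with your own file.
SAMPLE_ROUTES_TXT = """\
ADD 10.3.0.0 MASK 255.255.0.0 default METRIC default IF default
ADD 172.16.0.0 MASK 255.255.255.0 default METRIC default IF default
"""

ROUTE_RE = re.compile(r"^\s*ADD\s+(\S+)\s+MASK\s+(\S+)", re.IGNORECASE)


def parse_routes_txt(text):
    """Return the IPv4 networks that the ADD lines of a routes file install."""
    nets = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return nets


def covering_route(nets, host):
    """Longest-prefix match: the most specific installed route covering host, or None.

    None is the case the question describes: the OS falls back to its default
    route, so traffic leaves via the local router and ISP instead of the tunnel.
    """
    addr = ipaddress.ip_address(host)
    matches = [n for n in nets if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def missing_routes(nets, required):
    """Required address spaces (e.g. the S2S-connected network) with no covering route."""
    return [r for r in required if not any(r.subnet_of(n) for n in nets)]


def route_line(net):
    """Render a network as an ADD line in the assumed routes.txt shape."""
    return f"ADD {net.network_address} MASK {net.netmask} default METRIC default IF default"


if __name__ == "__main__":
    installed = parse_routes_txt(SAMPLE_ROUTES_TXT)
    print("Azure router 10.3.200.5 covered by:", covering_route(installed, "10.3.200.5"))
    print("3rd party host 10.100.1.10 covered by:", covering_route(installed, "10.100.1.10"))
    for net in missing_routes(installed, [AZURE_VNET, THIRD_PARTY]):
        print("missing route, add this line:", route_line(net))
```

Run against the real file at the path the answer gives (%AppData%\Microsoft\Network\Connections\Cm\yourGuid\routes.txt) by reading it into parse_routes_txt instead of SAMPLE_ROUTES_TXT. The script only checks what the client would install on the on-prem side; the BGP step on the two gateways that the answer also required is not something a client-side route file can verify.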
