Hi everyone,
On my demo device I've been trying to get a Route Based VPN running to Azure, but so far... unsuccessful. I was hoping someone had a tutorial that shows me what/how to configure this from A-Z.
What I've done so far:
My setup:
internal network: 172.16.5.0/24 - NET_172.16.5.0_24 (eth4)
CP using PPPOE dial-up no eth2
Setup Azure - this works with other FWs so should be good (192.168.8.0/22) and GWIP 1.2.3.4
In CP SC:
Create a Network object (Azure_NET) with the address space 192.168.8.0/22
Create an Interoperable device (Azure_GW) with 1.2.3.4 and Azure_NET as the VPN Domain
Create a Star VPN community - CP is Center, Azure_GW is satellite
Set IKEv2 only, set the encryption; set the pre-shared key - one tunnel per GW pair
Under Security Rules:
CP->AzureGW IKE ALLOW
AzureGW->CP IKE ALLOW
NET_172.16.5.0_24 -> Azure_NET - Any ALLOW
Azure_NET -> NET_172.16.5.0_24 - Any ALLOW
On CP object:
VPN - Link selection: selected external address
In WebUI:
Create a new VPN Tunnel interface, Unnumbered - physical == internal eth4 (my internal network NIC)
Create a new route: 192.168.8.0/22 --> vpnt1
Now I see the tunnel coming up, as in the logs I see: "Child SA exchange: Created a child SA successfully", but after that 0 traffic over the tunnel itself...
Help?