Barracuda NG Firewall Azure
By default, servers deployed in Azure will not use the NG Azure as their primary gateway, and at the time of this writing, it isn't possible to change the routing of VMs deployed in Azure (see http://feedback.azure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet/suggestions/5962359-possibility-to-change-default-gateway-and-force-tr).
Therefore, when a remote computer initiates a connection across the site-to-site VPN to a server in Azure, the traffic must be SNATted with the NG Azure's own IP address. This can be accomplished by setting the Connection Method to Dynamic SNAT in the forwarding rule governing the site-to-site traffic, which will ensure that the server routes the return traffic back to the NG instead of its default gateway.
However, if a VM deployed in Azure initiates a connection to a remote client across the site-to-site VPN, that traffic will not be routed through the NG by default. A client-to-site VPN will need to be established on the VM, and the network of the remote client will have to be specified in the VPN configuration of the network routes. The client VPN network will also have to be set as a local network in the configuration of the site-to-site tunnel on the NG Azure and as a remote network on the remote VPN endpoint. Finally, forwarding rules will have to be created or modified on each side to allow the traffic through.
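The routing behaviour described above can be modelled in a few lines of Python. This is an added illustration, not code from Barracuda or the original page; every address and hop label below is a constructed assumption.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the page).
VNET = ipaddress.ip_network("10.0.0.0/24")             # Azure virtual network
NG_IP = ipaddress.ip_address("10.0.0.4")               # NG Azure firewall
REMOTE_NET = ipaddress.ip_network("192.168.50.0/24")   # remote site behind the VPN
REMOTE_CLIENT = ipaddress.ip_address("192.168.50.20")  # host at the remote site

# The VM's default routes: its own subnet is on-link, everything else
# goes to Azure's default gateway (which cannot be changed, per the page).
DEFAULT_ROUTES = [
    (VNET, "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), "azure-default-gateway"),
]

def vm_next_hop(dst, routes):
    """Longest-prefix match over the VM's route table."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def inbound_source(client_ip, dynamic_snat):
    """Source address the VM sees for traffic forwarded by the NG."""
    return NG_IP if dynamic_snat else client_ip

def reply_path(src_seen_by_vm, routes=DEFAULT_ROUTES):
    """Where the VM sends its reply for an inbound connection."""
    hop = vm_next_hop(src_seen_by_vm, routes)
    if hop == "on-link" and src_seen_by_vm == NG_IP:
        return "ng-firewall"   # reply returns to the NG, which reverses the NAT
    return hop

def routes_with_client_vpn():
    """Route table after a client-to-site VPN on the VM adds the remote network."""
    return DEFAULT_ROUTES + [(REMOTE_NET, "client-vpn-to-ng")]

if __name__ == "__main__":
    # Remote client -> VM without SNAT: the reply bypasses the NG.
    print("no SNAT      :", reply_path(inbound_source(REMOTE_CLIENT, False)))
    # Remote client -> VM with Dynamic SNAT: the reply goes back to the NG.
    print("dynamic SNAT :", reply_path(inbound_source(REMOTE_CLIENT, True)))
    # VM -> remote client: bypasses the NG until the client VPN adds a route.
    print("VM initiates :", vm_next_hop(REMOTE_CLIENT, DEFAULT_ROUTES))
    print("with VPN     :", vm_next_hop(REMOTE_CLIENT, routes_with_client_vpn()))
```
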