02-15-2019 08:07 AM
So I've created site to sites between USGs and Azure a bunch of times in the past, but after some recent upgrades, I can't get it to come up anymore using the exact same steps I've always done.
Strangely, both the USG and Azure connection show that the tunnel is up. It just appears that routing is not traversing the tunnel. I've confirmed I unchecked PFS and Dynamic Routing. I've confirmed that all subnets match on both sides of the tunnel (so the local network gateway has all of my HQ subnets, and my USG has all of my VNet subnets).
Show vpn ipsec sa
yields results showing all local and remote subnet associations, but either inbound or outbound is 0 for each association. Any other ideas as to where to look?