Azure: UDR for Gateway Subnet (Forced tunneling to appliance!)
Microsoft has silently released new network functionality (as of may 201 6 ) for Azure Resource Manager. This new functionality allows you to force tunnel traffic from a VM and to your Appliance in the cloud from a Virtual Network Gateway . (ExpressRoute, IPSEC, vnet to vnet) In previous scenario's we only had the possibility to tunnel traffic from vm's in a subnet to a subnet where an appliance resided in a one way scenario. You would then use technologies like an IPSEC VPN on your appliance to tunnel your traffic to and from a other datacenter and act as a network overlay to route your traffic according to your wishe s. Now it's possible to force traffic coming from the virtual network gateway be it from the IPSEC VPN connection or the ExpressRoute connection to your appliance in a different v N et (so use the default gateway VPN/Expressroute functionality). You need to add a UDR (User Defined Rule) in the "GatewaySubnet" in your vnet telling th