IPsec tunnel to Azure behind NAT ADSL modem

  • Short question. I have set up a semi-working IPsec tunnel to Azure. I can connect from on-premise to an Azure VM using its internal IP address. I cannot, however, RDP, ping, or trace back to the on-premise network. I cannot put the modem in bridge mode; I tried the DMZ host option, forwarding ports (only TCP/UDP ports, no ESP) and all that, but cannot get this to work. Local address ranges are also correct in the Azure VPN configuration.

    Any suggestions on where to look?

