I'll post the "stock" config they provide below.
It's just a static site-to-site VPN, and I have static routing for everything. Nothing fancy.
One difference I notice is that this one uses proxy-ID, whereas the other VPN tunnels I use do not. Don't know if that's related.
~~~~~~~~~~~~~~~~~~~~~~
Azure provided SSG config:
~~~~~~~~~~~~~~~~~~~~~~
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface <NameOfYourOutsideInterface>
set route <RemoteNetworkHere> interface tunnel.1
set ike p1-proposal azure-proposal preshare group2 esp aes256 sha-1 seconds 28800
set ike gateway azure-gateway address <AzureRemoteGatewayIPHere> main outgoing-interface <NameOfYourOutsideInterface> preshare <PreShareKeyHere> proposal azure-proposal
set ike gateway azure-gateway dpd-liveness interval 10
set ike p2-proposal azure-ipsec-proposal no-pfs esp aes256 sha-1 seconds 3600
set vpn azure-ipsec-vpn gateway azure-gateway tunnel idletime 0 proposal azure-ipsec-proposal
set vpn azure-ipsec-vpn monitor optimized rekey
set vpn azure-ipsec-vpn proxy-id local-ip <LocalNetworkHere> remote-ip <RemoteNetworkHere> "ANY"
set vpn azure-ipsec-vpn bind interface tunnel.1