object-group network AzureNetworksANY
description Azure-Virtual-Network_ANY[0/0]_Representation
network-object 10.1.0.0 255.255.0.0

object-group network OnpremisesNetworksANY
description Onpremises-Network_ANY[0/0]_Representation
network-object 172.16.1.0 255.255.255.0

object network obj_any
subnet 0.0.0.0 0.0.0.0

access-list Azure-ACL extended permit ip object obj_any object obj_any log notifications 

nat (inside_1,outside) source static obj_any obj_any destination static obj_any obj_any no-proxy-arp route-lookup



crypto ikev2 policy 1
encryption aes-256
integrity sha
group 2
prf sha
lifetime seconds 28800

crypto ipsec ikev2 ipsec-proposal Azure-Ipsec-Tunnel-DAN-40.85.85.40
protocol esp encryption aes-256
protocol esp integrity sha-256 

crypto ipsec security-association lifetime seconds 3600

crypto ipsec security-association pmtu-aging infinite
crypto ipsec inner-routing-lookup

group-policy AzureGroupPolicy internal
group-policy AzureGroupPolicy attributes
vpn-tunnel-protocol ikev2 
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 40.85.85.40 type ipsec-l2l 
tunnel-group 40.85.85.40 general-attributes
default-group-policy AzureGroupPolicy
tunnel-group 40.85.85.40 ipsec-attributes
ikev2 remote-authentication pre-shared-key sillysmash60
ikev2 local-authentication pre-shared-key sillysmash60
no tunnel-group-map enable peer-ip
tunnel-group-map default-group 40.85.85.40

crypto map outside_map 1 match address Azure-ACL  
crypto map outside_map 1 set peer 40.85.85.40  
crypto map outside_map 1 set ikev2 ipsec-proposal Azure-Ipsec-Tunnel-DAN-40.85.85.40
crypto map outside_map 1 set ikev2 pre-shared-key sillysmash60
crypto map outside_map 1 set security-association lifetime seconds 3600

crypto map outside_map 1 set nat-t-disable
tunnel-group-map default-group 40.85.85.40

crypto map outside_map interface outside

crypto ikev2 enable outside

crypto ca trustpool policy

sysopt connection tcpmss 1350
sysopt connection preserve-vpn-flows