Hello Everyone - I am new to Cisco and I might use terminology or terms that might not sound familiar to you; I apologise in advance for it.
I have a Cisco ASA firewall, version 9.4(4)17, with ASDM version 7.8. I have a site-to-site VPN connection to our Azure site with Identity NAT enabled for the VNETs through the inside and outside interfaces. Recently, I created a new VNET in Azure and I am trying to add it to the existing VPN connection and create an Identity NAT for it similar to the other VNETs.
I created the NAT with the following settings, similar to the other VNET NATs. I can reach my on-prem network fine, but I cannot ping the VNET from the on-prem network. I have a Dynamic (Hide) NAT (see below) which sits at the end of the NAT rule table. If I move the rule above the Dynamic rule I can reach the Azure site, but then my internal DNS stops working, and if I move the rule below the Dynamic rule it hits the Dynamic (Hide) NAT and the packets are dropped. Does anyone know why this is happening?
[Attachment: VNET NAT Rule]
[Attachment: Dynamic (Hide) NAT]
[Attachment: Rule Order]
[Attachment: Packet Trace Result]
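As an added reference, not part of the poster's configuration or the screenshots above: the CLI equivalent of the rule layout the question is about, with assumed object names and RFC 1918 ranges (the poster's real subnets, object names and existing rule lines are not given). The ASA evaluates manual (twice) NAT in section 1 top-down and the first match wins, so a VPN identity rule that names both the source and the destination only matches traffic between those two networks, while a dynamic PAT placed with `after-auto` (section 3) is reached only by traffic that no earlier rule matched. `show nat` and `packet-tracer` are the checks for which rule a given flow actually hits.

```cisco
! --- Assumed objects (replace with the real on-prem and VNET ranges) ---
object network ONPREM-LAN
 subnet 10.10.0.0 255.255.0.0
object network AZURE-VNET-EXISTING
 subnet 10.20.0.0 255.255.0.0
object network AZURE-VNET-NEW
 subnet 10.30.0.0 255.255.0.0

! --- Section 1: manual NAT, evaluated top-down, first match wins ---
! Identity NAT for VPN traffic: source AND destination are named, so the
! rule only matches on-prem <-> VNET flows and leaves everything else alone.
! no-proxy-arp and route-lookup are the usual options for site-to-site identity NAT.
nat (inside,outside) 1 source static ONPREM-LAN ONPREM-LAN destination static AZURE-VNET-EXISTING AZURE-VNET-EXISTING no-proxy-arp route-lookup
nat (inside,outside) 2 source static ONPREM-LAN ONPREM-LAN destination static AZURE-VNET-NEW AZURE-VNET-NEW no-proxy-arp route-lookup

! --- Section 3 (after-auto): the dynamic "hide" PAT for general outbound traffic ---
! Placing it after-auto guarantees the identity rules above are tried first,
! regardless of where new object (auto) NAT rules land in section 2.
nat (inside,outside) after-auto source dynamic any interface

! --- Checks ---
! Lists the rules by section and order, with translate_hits / untranslate_hits per rule.
show nat

! Simulates an ICMP echo (type 8, code 0) from an on-prem host to a host in the
! new VNET; the NAT phase of the output prints the nat line that matched and the
! final line says whether the packet is allowed or dropped and why.
packet-tracer input inside icmp 10.10.1.10 8 0 10.30.1.10 detailed
```

In `packet-tracer` output, the phase of type NAT names the matching `nat` line under "Config:"; if it shows the dynamic rule rather than the identity rule for a VPN flow, the identity rule is either ordered after it or does not cover the source/destination pair being tested.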