09-25-2020 12:35 PM
Are there any resources available on how to set up an ASAv in Azure and get a simple static NAT to a web server working?
I am evaluating the ASAv for our new SaaS product, but I just can't seem to get this simple example to work.
I have followed the Cisco Getting Started Guide and have deployed an ASAv with 4 interfaces (outside, inside, dmz, management). I also set up a web server in the inside subnet with a static IP. I then added a secondary public IP to the outside NIC, using the Azure portal, and mapped it to a private static IP on the outside subnet.
I next set up a static NAT from the secondary outside IP to the inside IP of the web server. I then added an ACL to the outside interface allowing traffic to access the inside web server's IP. I ran a test with the CLI packet-tracer and it says everything is allowed.
When I try to hit the website through the public IP, the ASAv is allowing the SYN to reach the web server (verified on the web server). However, the SYN-ACK is not reaching my test PC. I have used the packet capture tool in ASDM to verify the packet is arriving at the ASAv. By default it was not; I had to add a new default UDR to the inside Azure routing table pointing at the ASAv. Once I added that UDR, the SYN-ACK makes it to the ASAv's inside interface, but that's it. Packet capture is not showing any traffic leaving the outside interface back to my PC.
I'm guessing I have something configured wrong in Azure, but I can't find any more documentation of what a fully correct setup looks like. Does anyone have any more information they can point me at?
Thanks,
Paul
09-25-2020 12:45 PM
We need to have your ASA config and the PC's location and IP address in the network to guide you correctly.
Here is a sample guide that will help your understanding:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/asav/quick-start/asav-quick/asav-azure.html
09-25-2020 02:08 PM - edited 09-25-2020 03:03 PM
I have attached the running config.
Here is my network setup in Azure.
VNet - 10.0.0.0/16
Management Subnet - 10.0.0.0/24
Inside Subnet - 10.0.1.0/24
Outside Subnet - 10.0.2.0/24
DMZ Subnet - 10.0.3.0/24
Management NIC static private IP - 10.0.0.4
Inside NIC static private IP - 10.0.1.4
Outside NIC static private IP - 10.0.2.4
DMZ NIC static private IP - 10.0.3.4
Secondary public IP added to outside NIC with IP 40.122.x.x mapped to private IP 10.0.2.10
Web server private IP in inside subnet - 10.0.1.5
UDR added on Inside-ASAv-RouteTable
address prefix - 0.0.0.0/0,
next hop type - Virtual Appliance
next hop id - 10.0.1.4
All other routing tables have no UDRs
The PC I'm using to access the web server is coming in from the internet via the 40.122.x.x IP.
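For reference, here is what the ASA side of the setup Paul describes looks like as an added example (this is not his attached running-config). The interface names, the 10.0.1.4/10.0.2.4 addresses, the 10.0.1.5 web server and the 10.0.2.10 mapped address come from his post; the GigabitEthernet numbering, the object and ACL names, the Azure gateway at 10.0.2.1 and the restriction to TCP 80/443 are assumptions.

```cisco
! Added example config, not the poster's own. Interface numbering assumed.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.0.2.4 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.4 255.255.255.0
!
! Azure reserves the first host address of a subnet as its gateway (assumed .1).
route outside 0.0.0.0 0.0.0.0 10.0.2.1 1
!
! Static NAT: 10.0.2.10 is the secondary private IP on the outside NIC that
! Azure associates with the 40.122.x.x public IP, so the ASA never sees 40.122.x.x.
object network WEB_SERVER_INSIDE
 host 10.0.1.5
 nat (inside,outside) static 10.0.2.10
!
! Inbound ACL limited to the web ports. Since ASA 8.3 ACLs match the real
! (untranslated) address, so the object with 10.0.1.5 is used, not 10.0.2.10.
access-list OUTSIDE_IN extended permit tcp any object WEB_SERVER_INSIDE eq www
access-list OUTSIDE_IN extended permit tcp any object WEB_SERVER_INSIDE eq https
access-group OUTSIDE_IN in interface outside
!
! Checks for the forward and return path (203.0.113.10 is a placeholder client):
!   packet-tracer input outside tcp 203.0.113.10 40000 10.0.2.10 80
!   show nat detail
!   show conn address 10.0.1.5
```

On the Azure side, besides the inside-subnet UDR already added, an NVA deployment like this needs IP forwarding enabled on the ASAv's inside and outside NICs and an NSG rule on the outside NIC or subnet that permits TCP 80/443 inbound; without IP forwarding Azure drops the SYN-ACK the ASAv forwards because its source address is not the NIC's own.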