Hi,
I have a question on the inbound route path when deploying CSR 1000V in Azure and using UDR (user defined routes) option for the subnets to route the outbound traffic to the 1000V and make intelligent path selection (possibly with a PBR and Encrypted GRE tunnel to the on-premise router).
Azure documentation states that inbound traffic from express route is handled directly by the Azure Express Gateway bypassing the Virtual Appliance.
'
https://azure.microsoft.com/en-gb/documentation/articles/virtual-networks-udr-overview/
User defined routes are only applied to Azure VMs and cloud services. For instance, if you want to add a firewall virtual appliance between your on-premises network and Azure, you will have to create a user defined route for your Azure route tables that forward all traffic going to the on-premises address space to the virtual appliance. However, incoming traffic from the on-premises address space will flow through your VPN gateway or ExpressRoute circuit straight to the Azure environment, bypassing the virtual appliance.
'
Any help will be much appreciated.