Azure Virtual Hub to on-prem connectivity

Try to locate and fix the problem by below:

• Check Azure Network Security Groups (NSGs): Ensure that the NSGs associated with your Azure VM and Virtual Hub allow traffic on ports 53, 636, and 389. Double-check the inbound and outbound rules to confirm that these ports are not blocked.
• Verify On-Prem Firewall Rules: Confirm that the on-prem firewall rules are correctly configured to allow traffic from the Azure IP address on ports 53, 636, and 389. It's good that you've already checked this, but it's worth another look.
• Inspect VPN Gateway Configuration: Ensure that the VPN gateway is correctly configured to handle the required ports. Sometimes, specific configurations or settings might be needed to allow certain ports.
• Check Routing Tables: Verify that the routing tables in both Azure and your on-prem network are correctly set up to direct traffic to the destination server.
• Enable Diagnostic Logging: Enable diagnostic logging on the VPN gateway and NSGs to capture detailed information about the traffic flow. This can help identify where the traffic might be getting dropped.