I have set up a Site-to-Site IPsec connection between my customer's VNet in Azure and their on-premise network.
It all works just fine and the routing works fine for the address spaces in the tunnel.
Now, they want to specify address ranges that exist on the Internet to route through the VPN tunnel and reach the Internet from their on-premise network. In other words, they want forced tunneling but only for specific addresses. Is this possible to set up in Azure in some way?
+1 to @Craig Wilson. This is exactly how you can accomplish this. You can use the tools in Network Watcher to verify the traffic flow as well. The IP flow verify and Next hop utilities can confirm it's routing to your liking.