Setup:

Configured IPsec site-to-site VPN between azure vnet and on-prem RRAS. I want Azure vm to access internet via on-prem network. Have tried forced tunneling but traffic is being dropped after going through RRAS and hitting the network gateway. We are not doing NAT on-prem.

The traffic coming from Azure VM through VPN tunnel would be decrypted at RRAS to private IPs ? which can not be routed to internet without NAT ?

So i Tried configuring NAT on same RRAS server by setting the demand-dial interface at private and public facing interface as NAT interface but it did not work.... any suggestions ?