0.0.0.0/0 as traffic selectors (IPsec)

Hi all,
I have IKEv2/IPsec with MS Azure. The tunnel is working well: I can RDP/SSH/ping from Azure to my on-prem devices and vice versa.
However, I would like to route all internet-bound traffic from Azure over my on-prem gateway.
I’ve done all the necessary steps from https://learn.microsoft.com/en-us/azure/vpn-gateway/site-to-site-tunneling#establish-s2s-vpn-connections.
The Default Site is configured properly; I just can’t figure out how to do this part: “At this point, all Internet-bound traffic is now configured to be force tunneled to DefaultSiteHQ. The on-premises VPN device must be configured using 0.0.0.0/0 as traffic selectors.”


Can somebody help with creating 0.0.0.0/0 as a traffic selector? :open_mouth: I’m a bit confused about how to do it…
How do I route internet traffic over my local GW from Azure?

I’ve made it work.
I enabled an IPsec log rule and found out the IPsec policy was not matching 0.0.0.0/0 <=> 10.100.0.0/16 (address space in Azure).
After adding this policy, routing started working.
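
The selector mismatch described in the thread, modelled as an added example that is not part of the original posts and is not any vendor's configuration syntax. The on-prem LAN 192.168.1.0/24, the internet host 203.0.113.10, the policy names and the first-match lookup order are assumptions; only 10.100.0.0/16 and 0.0.0.0/0 come from the thread.

```python
import ipaddress
from typing import NamedTuple, Optional, Sequence


class Policy(NamedTuple):
    name: str
    local: ipaddress.IPv4Network   # selector for the on-prem side
    remote: ipaddress.IPv4Network  # selector for the Azure side


def policy(name: str, local: str, remote: str) -> Policy:
    return Policy(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def match(policies: Sequence[Policy], src: str, dst: str, inbound: bool) -> Optional[Policy]:
    """Return the first policy whose selectors cover the packet, else None.

    inbound=True: packet decapsulated from the tunnel (src is on the Azure side).
    inbound=False: packet about to enter the tunnel (dst is on the Azure side).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    far, near = (s, d) if inbound else (d, s)
    for p in policies:  # first match in list order (assumption of this sketch)
        if far in p.remote and near in p.local:
            return p
    return None


# 10.100.0.0/16 is the Azure address space from the thread; the on-prem LAN
# and the internet host below are constructed values.
BEFORE = [policy("lan<=>azure", "192.168.1.0/24", "10.100.0.0/16")]
AFTER = BEFORE + [policy("any<=>azure", "0.0.0.0/0", "10.100.0.0/16")]

FLOWS = [
    ("10.100.0.4", "192.168.1.10", True),   # Azure VM -> on-prem host (RDP/SSH)
    ("10.100.0.4", "203.0.113.10", True),   # Azure VM -> internet, force tunneled
    ("203.0.113.10", "10.100.0.4", False),  # internet reply going back to Azure
]


def verdicts(policies: Sequence[Policy]) -> list:
    """Name of the matching policy for each constructed flow, or 'no policy'."""
    hits = (match(policies, src, dst, inbound) for src, dst, inbound in FLOWS)
    return [h.name if h else "no policy" for h in hits]


if __name__ == "__main__":
    print("before:", verdicts(BEFORE))
    print("after: ", verdicts(AFTER))
```

With only the LAN selector, the site-to-site flow matches while both legs of the internet-bound flow find no policy, which is consistent with a tunnel that works for RDP/SSH/ping but not for force-tunneled traffic.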