I have a VNet which contains a number of subnets hosting Windows and Ubuntu VMs. Connections from on-prem servers to these Azure VMs on anything other than TCP/3389 or ping/traceroute don’t appear to get past the ExpressRoute gateway.

These are not running local firewalls and they don’t have any NSGs attached.

On-prem access to this VNet is via an ExpressRoute circuit, and routing to/from these VMs appears fine.

Using psping/nc, connectivity between Azure VMs in works fine for all listening ports (TCP/135, TCP/445, etc.).

Connections initiated from the Azure VMs to on-prem servers also work fine.

I ran the ExpressRoute circuit troubleshooter to compare on-prem > Azure connectivity for both TCP/3389 and TCP/445. They both return the same results.

