Also don't forget you need to add the firewall filter to accept and forward requests from the Azure Subnet to the On premise Subnet,
You need the Nat rules for both incoming and outgoing Azure to On premise and On premise to azure (place above 0) one rule for each,
And you should (in some cases) ensure you add an IPsec route for the subnet in Azure with the Gateway IP from that subnet as next hop.
/interface/wifiwave2/registration-table print посмотри устройства если оно уже там есть попробуй удалить