First, in my experience most (aka all) problems with site-to-site VPNs have been caused by a misconfiguration on the customer side of the VPN. One item that may help you is to use WFP logs on the Azure gateway VM, which can be enabled via the Microsoft Azure Virtual Network Troubleshooter package, available from: https://home.diagnostics.support.microsoft.com/SelfHelp?knowledgebaseArticleFilter=2996010.
Second, until fairly recently, the only options for diagnosing VPN connection problems were to either troubleshoot via logs from the on-premises VPN gateway, or open an Azure support ticket for assistance with troubleshooting from the Azure side of the VPN tunnel. With the latest Azure PowerShell module, you can also troubleshoot VPN connections directly from Azure with three PowerShell cmdlets:
- Start-AzureVNetGatewayDiagnostics,
- Stop-AzureVNetGatewayDiagnostics, and
- Get-AzureVNetGatewayDiagnostics
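A minimal capture session with these three cmdlets, as an added example (not the TechNet script mentioned below and not code from the original post). The virtual network name, storage account name and output path are placeholders, and the session assumes the classic Azure Service Management module with a subscription already selected.

```powershell
# Added example: capture gateway-side VPN diagnostics and pull the log locally.
# All names below are placeholders; replace them with your own values.
$vnetName        = 'MyVNet'              # virtual network that owns the gateway
$storageAccount  = 'mydiagstorage'       # storage account that receives the log
$captureSeconds  = 90                    # how long the gateway records
$localLog        = Join-Path $env:TEMP 'vnet-gateway-diag.txt'

# The gateway writes its capture into a storage account, so build a context for it.
$storageKey     = (Get-AzureStorageKey -StorageAccountName $storageAccount).Primary
$storageContext = New-AzureStorageContext -StorageAccountName $storageAccount `
                                          -StorageAccountKey $storageKey

try {
    # Start recording on the Azure side of the tunnel.
    Start-AzureVNetGatewayDiagnostics -VNetName $vnetName `
                                      -StorageContext $storageContext `
                                      -CaptureDurationInSeconds $captureSeconds

    # While the capture runs, reset or re-initiate the tunnel from the
    # on-premises device so the negotiation attempt lands in the log.
    Start-Sleep -Seconds $captureSeconds
}
finally {
    # Make sure the capture is ended even if the session is interrupted.
    Stop-AzureVNetGatewayDiagnostics -VNetName $vnetName -ErrorAction SilentlyContinue
}

# Retrieve the location of the captured log and download it.
$diag = Get-AzureVNetGatewayDiagnostics -VNetName $vnetName
Invoke-WebRequest -Uri $diag.DiagnosticsUrl -OutFile $localLog

# Generic text search for lines worth reading first; the patterns are a
# starting point, not an official list of gateway error strings.
Select-String -Path $localLog -Pattern 'error', 'fail', 'mismatch' |
    Select-Object -First 40 LineNumber, Line

# The log describes the tunnel negotiation and the URL grants read access to it:
# keep both out of tickets and chat, and delete the blob when finished.
```

Compare the proposals and identifiers recorded in the log with the on-premises device's configuration, since that side is where mismatches most often originate.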
Downloadable Script
Third, grab this script for troubleshooting Virtual Networks in Azure from the TechNet Script Center that helps to leverage some of the new cmdlets.
Download Azure Virtual Network Gateway Diagnostics Script