VPN Site-to-Site On-prem can't reach Azure VM

Hello,

I followed this KB: https://support.sophos.com/support/s/article/KB-000036980?language=en_US

The VPN tunnel is up and working, I can ping my on-prem from Azure, but I can't ping the Azure VMs from my LAN.

VM firewall is already disabled.

The VPN Setup already created the 2 firewall rules.

What am I missing?

I am using Sophos XG v18, and this KB is for v17. I don't know, maybe something is missing.

I appreciate any help.