Unable to add Azure VM to on-premises domain

I'm new to Azure, and I'm currently doing a POC extending on-site Active Directory to Azure.
The client wants a virtual machine to be the domain controller; he does not want to use Azure AD.
I've configured the site-to-site VPN. I can ping and browse the virtual machine from the on-premises network, but I cannot do it from the virtual machine to my on-premises network.
I can ping my firewall from Azure, but nothing more. Because of this, trying to join the virtual machine to the domain fails.
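A quick set of checks to run on the Azure VM itself, added here as an example (not part of the original post); the domain name and domain controller address are placeholders to replace with your own.

```powershell
# Added diagnostic example, not from the original post. $Domain and $DcIp are
# placeholders for the on-premises AD DNS domain and the on-prem DC's address.
$Domain = 'corp.example.com'
$DcIp   = '10.0.0.10'

# 1. The VM must resolve the private AD zone, so its DNS servers should be the
#    on-prem DC (or a forwarder to it), not only the Azure default resolver.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Domain join begins with an SRV lookup for a DC; if this returns nothing,
#    the failure is DNS, not the join itself.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue

# 3. ICMP reaching the firewall but nothing behind it points to routing, NSG or
#    firewall rules. Test each TCP port the join uses, from the VM toward the DC.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'
            445 = 'SMB'; 464 = 'Kerberos pw'; 636 = 'LDAPS' }
foreach ($p in ($Ports.Keys | Sort-Object)) {
    $r = Test-NetConnection -ComputerName $DcIp -Port $p -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    '{0,-12} tcp/{1,-4} {2}' -f $Ports[$p], $p, $state
}

# 4. From the Azure side (Az module), confirm the on-prem prefix is routed via the
#    VPN gateway (next hop VirtualNetworkGateway) rather than Internet or None.
#    Get-AzEffectiveRouteTable -ResourceGroupName <rg> -NetworkInterfaceName <nic>
```

Any port reported BLOCKED while the DC answers the same port from on-premises machines indicates a rule or route on the Azure-to-on-prem path rather than a problem on the DC.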