Great article here from Richard Hicks

Enable Cross-Premises Connectivity to Windows Azure with Forefront Threat Management Gateway (TMG) 2010