Site to Site VPN one-way traffic Azure <-> Cisco ASA


We have a site-to-site static routing VPN (classic VPN, not ARM) attempting to connect to a remote Cisco ASA 5555 (a supported VPN device).

The on-premises network can successfully initiate the tunnel to Azure, at which point the machines on Azure are able to access resources on the on-premises network.

But if we disconnect this (our use case will not be the local network initiating the connection), then Azure is unable to initiate the connection to the Cisco side.

Inside the VNet diagnostics file I can get from Azure, I see the following entries just before the connection fails:

Failure type: IKE/Authip Quick Mode Failure
Type specific info:
Failure error code:0x00003610
Error processing Notify payload
Failure point: Local
Keying module type: Ike
QM State: State corresponding to first roundtrip
QM SA role: Initiator
Mode: Tunnel Mode

Followed by:

[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx|Processing LIFETIME change QM Notify
[0]xxxx.xxxx01/28/2016-03:51:23.171 [user] |xxx.xxx.xxx.xxx|IkeProcessLifetimeNotify failed with Windows error 13840(ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY)
...
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx||SendNotify: mmSa 000000xxxxxxxxx cookie eebff5bc state 6 messId 1
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx||Error code 13840(ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY) doesnt map to any RFC notify type
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx||NOT sending any notify
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx||Deleting QM.  MM: 000000xxxxxxxxx QM: 000000xxxxxxxxx

Can anyone shed light on what a LIFETIME change QM Notify or an RFC notify type is, help in any way, or suggest what to try next?

Thanks in advance,

Graeme

vpn
cisco
azure
cisco-asa
asked on Server Fault Jan 28, 2016 by Graeme Foster
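For readers working through a diagnostics file like the one quoted in the question, here is an added Python script (not from the question, Azure or Cisco) that parses the [ikeext]/[user] log lines and pulls out the facts that matter for a Quick Mode failure: what the gateway was processing, the Windows error it hit, whether it could send an RFC notify to the peer, and whether the QM SA was torn down. The log format, the constructed sample and the documentation peer address are assumptions based on the excerpt above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the Azure classic-VPN diagnostics excerpt;
# the peer address is a documentation (RFC 5737) address, not a real gateway.
SAMPLE_LOG = """\
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|203.0.113.10|Processing LIFETIME change QM Notify
[0]xxxx.xxxx01/28/2016-03:51:23.171 [user] |203.0.113.10|IkeProcessLifetimeNotify failed with Windows error 13840(ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY)
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|203.0.113.10||SendNotify: mmSa 000000xxxxxxxxx cookie eebff5bc state 6 messId 1
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|203.0.113.10||Error code 13840(ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY) doesnt map to any RFC notify type
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|203.0.113.10||NOT sending any notify
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|203.0.113.10||Deleting QM.  MM: 000000xxxxxxxxx QM: 000000xxxxxxxxx
"""

# [n]<prefix><timestamp> [module] <digits?>|<peer>|<one or two pipes><message>
LINE_RE = re.compile(
    r"^\[\d+\]\S*?(\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(\w+)\] \d*\|([^|]*)\|+(.*)$"
)
# Windows IPsec/IKE error as it appears in the log: 13840(ERROR_IPSEC_IKE_...)
WINERR_RE = re.compile(r"\b(\d{5})\((ERROR_[A-Z_]+)\)")

@dataclass
class Entry:
    timestamp: str
    module: str
    peer: str
    message: str

def parse_line(line: str) -> Optional[Entry]:
    """Return the structured entry for one log line, or None if it is not one."""
    m = LINE_RE.match(line.rstrip())
    return Entry(*m.groups()) if m else None

def diagnose_qm(text: str) -> dict:
    """Single pass over the log: first QM notify being processed, first Windows
    error, whether a notify went to the peer, and whether the QM SA was deleted."""
    result = {"peer": None, "trigger": None, "error_code": None,
              "error_name": None, "notify_sent": True, "qm_deleted": False}
    for raw in text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        result["peer"] = e.peer
        if "QM Notify" in e.message and result["trigger"] is None:
            result["trigger"] = e.message
        err = WINERR_RE.search(e.message)
        if err and result["error_code"] is None:
            result["error_code"], result["error_name"] = int(err.group(1)), err.group(2)
        if e.message.startswith("NOT sending any notify"):
            result["notify_sent"] = False  # peer never learns why the QM was dropped
        if e.message.startswith("Deleting QM"):
            result["qm_deleted"] = True
    return result

if __name__ == "__main__":
    for key, value in diagnose_qm(SAMPLE_LOG).items():
        print(f"{key:>12}: {value}")
```

Run it against the real diagnostics file by reading the file into diagnose_qm(); a result with notify_sent False and qm_deleted True is the same "local failure, nothing told to the peer" pattern the question shows, which points at comparing the Phase 2 proposal (lifetime settings included) on both ends rather than at anything the ASA reported.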

0 Answers

Nobody has answered this question yet.
