Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

How do I connect two virtual networks?

Hi,

I am sorry if this seems obvious but I guess I am a NOOB.

Our situation is as follows, we have an Azure subscription that hosts our back office.  We essentially replicated the scenario we were employing with Azure...  Previously we had two domains hosted at two different datacenters.  We maintain no local servers.  We have three locations that each has as an endpoint device a Cisco ASA 5505 router that I will call LOC1, LOC2 and LOC3.  LOC1 and LOC2 are separate domains and LOC3 belongs to LOC1's domain.

We have a successful connection between our Azure virtual network and LOC1.  LOC2 and LOC3 have a site-to-site connection to LOC1 and a UTurn/Hairpin site-to-site VPN connection to Azure through the LOC1 site-to-site VPN to Azure.  All three locations can see LOC1, and Azure.  LOC1 and LOC2 had site-to-site VPNs to their respective datacenters.  The domain controllers on Azure were promoted to the primary controller for each domain and all FSMO roles transferred from the old data centers, and all connections were maintained for a month, making sure all the servers were running as expected.  All seemed to be going well and the old datacenter connections were disabled.

Again, all seemed to be working fine until LAN users at LOC2 started experiencing extremely slow response times opening files on their file shares on their DC.  Users on the same domain, operating out of LOC1, had no such issues.  Remoting via RDP into LOC2, from LOC1 or another network, I have run side-by-side comparisons of opening files (Excel, Word and Illustrator) and have witnessed the painfully slow operation of opening LOC2 files from Azure while opening the exact same files from LOC1 behaved ideally.

I have engaged Cisco to validate that the routers are all working as they should.  There isn't anything in the router setup that would be causing this latency outside the hairpin VPN to Azure.  It appears that if I could create a site-to-site VPN to our Azure network from LOC2 directly instead of using the hairpin, we could get the same performance that users at LOC1 experience.  That would mean I would have to use a second gateway on Azure, but it appears by my research that I cannot add a second gateway to our Azure network.

It did look like I could add a second Azure network, but I am extremely confused/unclear how I can make the two Azure networks talk to each other.  My idea would be to move the DC for LOC2 from the existing Azure virtual network to the new Azure virtual network. Take out the hairpin entry in LOC2's ASA and replace it with a site-to-site VPN to Azure's second gateway.  LOC1 and LOC2 will see each other normally and (in theory!) users behind LOC2's ASA will experience the same performance as the users of LOC1 do to their resources.

I am looking for answers on how to make the two Azure networks act as one network so users from LOC1 will still be able to access LOC2 resources and vice versa. Or am I completely messed up here and I should be looking for another option?

Thanks-

Mark



