With the implementation of an Azure CSR 1000v router, we reviewed how we wanted our traffic to flow. We decided that all sites would terminate into the CSR and back to our Head Office with DMVPN, which gave us some redundancy in the event of a failure at either HQ or Azure.
The inbuilt Azure VPN would remain in place between Azure and HQ, and traffic between the two sites would use this, whilst remote sites would forward their traffic out of the CSR router. As sites were migrated over to the DMVPN solution, we added them to the route table that had been applied to all subnets bar the dedicated CSR subnet that we had created within our vNET (6 in total).
The route table would be used to forward any traffic destined for the /24 networks we defined, to the internal IP of our CSR router.
We set this up with a 10.0.0.0/8 route forwarding traffic to the virtual network gateway (which led to the original Azure VPN). The more specific subnets (/24 in the above example) then take precedence, because Azure selects the route with the longest matching prefix.
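The sketch below is an added example, not part of the original post: it models the route table described above and resolves next hops by longest-prefix match, which also shows which site prefixes still fall through to the /8 during migration. The CSR IP, route names and site prefixes are constructed sample values; Azure system routes (such as the vNET's own address space) are not modelled.

```python
import ipaddress

# Constructed route table mirroring the layout described above.
# All addresses are sample values, not taken from the original post.
CSR_INTERNAL_IP = "10.1.250.4"  # assumed internal IP of the CSR
ROUTES = [
    # (name, address prefix, Azure next-hop type, next-hop IP)
    ("to-hq-vpn", "10.0.0.0/8", "VirtualNetworkGateway", None),
    ("site-a", "10.20.1.0/24", "VirtualAppliance", CSR_INTERNAL_IP),
    ("site-b", "10.20.2.0/24", "VirtualAppliance", CSR_INTERNAL_IP),
]


def resolve(dest_ip, routes=ROUTES):
    """Return the user-defined route chosen for dest_ip, or None.

    Selection is by longest matching prefix, so a /24 beats the /8.
    """
    addr = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[1])]
    if not matches:
        return None  # no user-defined route; system routes would apply
    return max(matches, key=lambda r: ipaddress.ip_network(r[1]).prefixlen)


def sites_still_on_gateway(site_prefixes, routes=ROUTES):
    """List site prefixes not yet fully steered to the CSR.

    A site counts as migrated only if both its first and last address
    resolve to a VirtualAppliance route, so a too-narrow route is caught.
    """
    pending = []
    for prefix in site_prefixes:
        net = ipaddress.ip_network(prefix)
        hops = [resolve(str(a), routes) for a in (net[0], net[-1])]
        if any(h is None or h[2] != "VirtualAppliance" for h in hops):
            pending.append(prefix)
    return pending


if __name__ == "__main__":
    # 10.50.0.5 stands in for an HQ host, 10.20.3.0/24 for an unmigrated site.
    for ip in ("10.20.1.15", "10.20.3.15", "10.50.0.5", "8.8.8.8"):
        print(ip, "->", resolve(ip))
    print(sites_still_on_gateway(["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]))
```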
Once I have implemented the ASAv into our environment, an additional post will cover the use of route tables for this feature to filter traffic.