Hello,

looking at your config again, it looks like you are missing a few things still. Add the lines in bold:

interface GigabitEthernet1/1
channel-group 10 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
channel-group 10 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3
channel-group 20 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/4
channel-group 20 mode active
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif management
security-level 0
!
interface Port-channel10
lacp max-bundle 8
no nameif
no security-level
no ip address
!
interface Port-channel10.200
no nameif
no security-level
no ip address
!
interface Port-channel10.3001
vlan 3001
nameif outside-isp1
security-level 0
ip address 115.42.250.6 255.255.255.248
!
interface Port-channel10.3002
vlan 3002
nameif outside-isp2
security-level 0
ip address 118.189.59.68 255.255.255.248
!
interface Port-channel20
lacp max-bundle 8
no nameif
no security-level
no ip address
!
interface Port-channel20.20
vlan 2020
nameif inside
security-level 100
ip address 10.0.20.254 255.255.255.248 standby 10.0.20.253
!
dns domain-lookup outside-isp1
dns server-group DefaultDNS
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network yahoo.com
host 106.10.248.151
description yahoo.com
object-group network obj-local
description Azure to Office
network-object 10.0.0.0 255.255.0.0
network-object object yahoo.com
object-group network obj-remote
description AZURE
network-object 10.100.0.0 255.255.0.0

access-list azure-map extended permit ip object-group obj-local object-group obj-remote
access-list outside-isp2_cryptomap_2 permit ip any 10.100.0.0 255.255.0.0

mtu management 1500
mtu dmz 1500
mtu outside-isp1 1500
mtu outside-isp2 1500
mtu inside 1500

nat (inside,outside-isp2) source static obj-local obj-local destination static obj-remote obj-remote
nat (inside,outside-isp2) dynamic interface <-- add this to obj-local
nat (outside-isp2,outside-isp2) dynamic interface <-- add this to obj-remote

!
route outside-isp1 0.0.0.0 0.0.0.0 115.42.250.6 1 track 1
route outside-isp1 10.0.0.0 255.0.0.0 115.42.250.6 1 track 1

route outside-isp2 0.0.0.0 0.0.0.0 118.189.59.68 10
route outside-isp2 10.0.0.0 255.0.0.0 118.189.59.68 10

crypto ipsec ikev1 transform-set aes-sha-hmac esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AZURE
protocol esp encryption aes-256
protocol esp integrity sha-256

crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite

crypto map outside-isp2_map0 1 match address outside-isp2_cryptomap_2
crypto map outside-isp2_map0 1 set peer 52.187.32.142
crypto map outside-isp2_map0 1 set ikev1 transform-set azure-ipsec-proposal-set
crypto map outside-isp2_map0 1 set reverse-route
crypto map outside-isp2_map0 interface outside-isp2
crypto isakmp identity address

crypto ikev2 policy 1
encryption aes-256
integrity sha256
group 14
prf sha256
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 remote-access trustpoint SSL-TrustPoint
crypto ikev1 enable outside-isp1
crypto ikev1 enable outside-isp2
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
!
track 1 rtr 1 reachability
telnet timeout 5
error-recovery disable
vpn-tunnel-protocol ikev1 ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value POC-SPLIT-TUNNEL
dynamic-access-policy-record DfltAccessPolicy

tunnel-group 52.187.32.142 type ipsec-l2l
tunnel-group 52.187.32.142 ipsec-attributes
!
class-map inspection_default
match default-inspection-traffic
!