Can't ping across remote sites

dannyunger
Level 1

I'm working with a client who has an ASA that has site-to-site IPSec VPN connections to both an Azure environment as well as a Rackspace environment. They can access either environment from the office, but servers in Azure are unable to ping to servers at Rackspace and vice versa. I've tried everything that I know of as well as everything I've found while searching but I still cannot get this to work. Any help is greatly appreciated. 
Pared down config:
ASA Version 8.4(3) 

!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address ********** 
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.2.0.1 255.255.255.0 standby 10.2.0.2 
!
interface GigabitEthernet0/2
 shutdown
 nameif DMZ
 security-level 50
 ip address 172.16.1.1 255.255.255.0 standby 172.16.1.2 
!
interface GigabitEthernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
same-security-traffic permit intra-interface

object network RackSpace-network
 subnet 192.168.100.0 255.255.252.0

object-group network azure-networks
 network-object 172.16.16.0 255.255.252.0

object-group network onprem-networks
 network-object 10.10.0.0 255.255.0.0
 network-object object 10.35.0.0
 network-object object 10.250.250.0

object-group network azure-onprem-networks
 network-object 10.10.0.0 255.255.0.0
 network-object 10.35.0.0 255.255.252.0
 network-object 10.250.250.0 255.255.255.0

access-list inside_access_in extended permit ip 10.0.0.0 255.0.0.0 object RackSpace-network 
access-list inside_access_in extended permit ip any object-group azure-networks 

access-list VPNsplitTunnelAcl standard permit 10.0.0.0 255.0.0.0 
access-list VPNsplitTunnelAcl standard permit 192.168.100.0 255.255.255.0 
access-list VPNsplitTunnelAcl standard permit 172.16.16.0 255.255.252.0 

access-list outside1_access_in extended permit ip object RackSpace-network 10.10.0.0 255.255.0.0 

access-list outside_cryptomap extended permit ip object-group onprem-networks object RackSpace-network

access-list azure-vpn-acl extended permit ip object-group azure-onprem-networks object-group azure-networks 

nat (inside,outside) source static onprem-networks onprem-networks destination static RackSpace-network RackSpace-network

nat (inside,outside) source static azure-onprem-networks azure-onprem-networks destination static azure-networks azure-networks

nat (outside,outside) source static RackSpace-network RackSpace-network destination static azure-networks azure-networks
2 Replies

Andrew Phirsov
Level 7

I've been away a little bit, so I may not be so accurate.

Check that the crypto map on each remote location includes in its crypto ACL the subnet for the corresponding location, i.e. the crypto ACL in Rackspace should include the subnet in Azure and vice versa. Then check the corresponding nat-exemption statements on both sides.

Also, possibly you should enter the same-security-traffic permit intra-interface command on the central side.

Just the first things that came to my mind.

Andrew
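The checks in the reply above, written out as added example configuration rather than anything taken from the thread: on the hub ASA each tunnel's crypto ACL gets an entry for the other spoke's range so both tunnels carry the Azure-to-Rackspace flows, the outside-to-outside identity NAT and the intra-interface permit stay in place, and the Rackspace ASA gets matching crypto-ACL and NAT-exemption entries. Object and ACL names on the Rackspace ASA are assumptions, since its config is not posted; on the Azure side the equivalent is adding the Rackspace prefix to the local network address space so Azure negotiates an SA for it.

```cisco
! ---- Hub ASA (office), on top of the pasted config ----
!
! Rackspace tunnel: the Azure range must be interesting traffic too,
! otherwise the hub never encrypts Azure->Rackspace packets towards Rackspace.
access-list outside_cryptomap extended permit ip object-group azure-networks object RackSpace-network
!
! Azure tunnel: the Rackspace range must be interesting traffic in the
! other direction (Azure's local network address space needs 192.168.100.0/22 as well).
access-list azure-vpn-acl extended permit ip object RackSpace-network object-group azure-networks
!
! Hairpin identity NAT between the two tunnels. Static twice NAT is
! bidirectional, so this one rule (already in the pasted config) covers
! both Rackspace->Azure and Azure->Rackspace.
nat (outside,outside) source static RackSpace-network RackSpace-network destination static azure-networks azure-networks
!
! Needed because the traffic enters and leaves the same outside interface.
same-security-traffic permit intra-interface
!
! ---- Rackspace ASA (names assumed; its config is not on the page) ----
object network local-rackspace
 subnet 192.168.100.0 255.255.252.0
object network hub-azure-networks
 subnet 172.16.16.0 255.255.252.0
!
! Crypto ACL for the tunnel to the hub: local range to the Azure range.
access-list to-hub-cryptomap extended permit ip object local-rackspace object hub-azure-networks
!
! NAT exemption so the Rackspace side does not PAT traffic bound for Azure.
nat (inside,outside) source static local-rackspace local-rackspace destination static hub-azure-networks hub-azure-networks
```

After applying the hub changes, `show crypto ipsec sa` on the hub should list a second SA pair per tunnel whose local/remote proxy identities are the Azure and Rackspace ranges; if only the on-prem ranges appear, the remote end is not proposing the new selectors.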

Unfortunately I do not have much control over the Azure end of things. Microsoft spits out a config to connect to their endpoint in Azure and that's all you get. There is an actual ASA residing at Rackspace that can be configured how I want. I think it is just a NAT issue at the central office, as I can resolve IP addresses from end to end, I just cannot get a ping to go across and come back.

I do have the same-security-traffic permit intra-interface command set on the ASA at the central location.