![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 62%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,380 questions
Hello @John Hust
There is no impact but in case of a planned or unplanned maintenance event you have to make sure that the routes are removed or withdrawn automatically from your on-prem VPN device and the traffic is switched over to the other active IPsec tunnel. This will not be done by Azure.
Virtual network gateway in Active/active mode establishes multiple parallel connections between your your on-premises VPN device and both instances of the gateway VMs.
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
In this configuration, each Azure gateway instance will have a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Both VPN tunnels are actually part of the same connection. You will still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
The traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device may favor one tunnel over the other.
