Is there any impact to an existing VPN when active/active is enabled?
There is no impact, but in case of a planned or unplanned maintenance event you have to make sure that the routes are removed or withdrawn automatically from your on-prem VPN device and the traffic is switched over to the other active IPsec tunnel. This will not be done by Azure.
A virtual network gateway in active/active mode establishes multiple parallel connections between your on-premises VPN device and both instances of the gateway VMs.
In this configuration, each Azure gateway instance will have a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Both VPN tunnels are actually part of the same connection. You will still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.
The traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device may favor one tunnel over the other.
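Because both tunnels belong to one connection, it is worth checking each tunnel's state before a maintenance window rather than relying on the connection's summary status. The following is an added example, not part of the original answer: it assumes you have saved the JSON from `az network vpn-connection show` and know whether the gateway reports `activeActive`; the function name, tunnel names and sample data are constructed for illustration.

```python
import json

# Constructed sample: trimmed shape of `az network vpn-connection show` output
# for one connection to an active/active gateway. Names are hypothetical.
SAMPLE_CONNECTION = json.loads("""
{
  "name": "conn-onprem",
  "connectionStatus": "Connected",
  "tunnelConnectionStatus": [
    {"tunnel": "gw-instance-0-tunnel", "connectionStatus": "Connected"},
    {"tunnel": "gw-instance-1-tunnel", "connectionStatus": "NotConnected"}
  ]
}
""")


def tunnel_redundancy(gateway_active_active, connection, expected_tunnels=2):
    """Return (ok, findings) for one S2S connection.

    ok is True only when the gateway is active/active and every expected
    tunnel of the connection is individually reported as Connected.
    """
    findings = []
    if not gateway_active_active:
        findings.append("gateway is not in active/active mode")

    tunnels = connection.get("tunnelConnectionStatus") or []
    if len(tunnels) < expected_tunnels:
        findings.append(
            f"only {len(tunnels)} of {expected_tunnels} tunnels reported"
        )

    # Inspect each tunnel; in the sample the summary status says Connected
    # even though one of the two tunnels is down.
    for t in tunnels:
        status = t.get("connectionStatus", "Unknown")
        if status != "Connected":
            findings.append(f"tunnel {t.get('tunnel', '?')} is {status}")

    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = tunnel_redundancy(True, SAMPLE_CONNECTION)
    print("redundant" if ok else "NOT redundant", findings)
```
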