Secure Client - DNS with multiple ip addresses

paul-d
Level 1

Hi there,

Does anyone know what the expected action is when using Secure Client where public DNS serves multiple IP addresses for the headend in a single DNS response, as opposed to round-robin?

e.g. vpn.contoso.com returns [1.2.3.4], [5.6.7.8]

4 Replies

Thank you; however, what is the expected behaviour if I don't use round-robin and just serve multiple IPs for a single record, in the event that one of the returned IP addresses does not result in a successful connection?

I use an Azure Traffic Manager for the primary connection. However, in the event that the primary connection fails and the backup server is used, e.g. vpn-backup.contoso.com, and that record has multiple IP addresses, would AC cycle through each IP, or just pick the first IP from the list and ignore all the other IPs if the first one in the list fails?

If DNS sends multiple IPs to the VPN client, it will always use the first one, and if that fails it will not try the other IPs.

In the link I shared, the control of which IP the VPN client will use is done by DNS round-robin.

MHM

I believe that a failure would be a transient issue, where the traffic manager would detect a failure and mark one of the headends as down. The next DNS query would return an available headend if you had a low TTL. Of course this is not ideal from a user experience perspective, as the user has to click connect again. There are a few optimizations you can do:

1) Add a backup server in the AnyConnect profile, so that if the primary fails, it will do a second DNS query for the backup server, and that should return an available one. Keep in mind that AnyConnect backup server timeouts are pretty bad and not configurable, and it can take over 30 seconds to fail over to the backup servers in the profile.

2) You can also have a traffic load balancer (not DNS) that uses the same IP but load balances to different headends on the backend, so that way you don't have to worry about DNS. Or you could use it in combination with a DNS load balancer, especially for geographical load balancing.

Hope that helps

**Please rate as helpful if this was useful**
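To make the two failover models discussed in this thread concrete, here is an added simulation (not code from the thread, Cisco, or Secure Client). It models the behaviour the replies describe: a "first A record only" client versus a client that walks every returned address, and the profile backup-server path that issues a fresh DNS query per backup host. The DNS answers, reachability set and hostnames (vpn.contoso.com, vpn-backup.contoso.com) are constructed; the profile fragment uses the ServerList/HostEntry/BackupServerList/HostAddress element names of the AnyConnect client profile as I know them, with the namespace omitted, so check it against a profile exported from your own profile editor. Whether Secure Client really stops at the first record is the thread's claim, not something this code verifies.

```python
"""Simulate headend selection when a DNS response carries several A records.

Added example: canned resolver answers and canned reachability stand in for
real DNS and real TLS connects, so it runs offline.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed AnyConnect-style profile fragment (hypothetical hostnames,
# xmlns omitted; element names assumed from the client profile schema).
PROFILE_XML = """<AnyConnectProfile>
  <ServerList>
    <HostEntry>
      <HostName>Contoso VPN</HostName>
      <HostAddress>vpn.contoso.com</HostAddress>
      <BackupServerList>
        <HostAddress>vpn-backup.contoso.com</HostAddress>
      </BackupServerList>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

# Constructed DNS answers: each name returns several A records in one response.
DNS: Dict[str, List[str]] = {
    "vpn.contoso.com": ["1.2.3.4", "5.6.7.8"],
    "vpn-backup.contoso.com": ["9.9.9.1", "9.9.9.2"],
}

# Constructed reachability: only these headends currently accept connections.
REACHABLE: Set[str] = {"5.6.7.8", "9.9.9.2"}

Strategy = Callable[[str, Dict[str, List[str]], Set[str]], Optional[str]]


def parse_profile(xml_text: str) -> Tuple[str, List[str]]:
    """Return (primary HostAddress, [backup HostAddress, ...]) from the profile."""
    root = ET.fromstring(xml_text)
    entry = root.find("./ServerList/HostEntry")
    if entry is None:
        raise ValueError("profile has no ServerList/HostEntry")
    primary = entry.findtext("HostAddress")
    if not primary:
        raise ValueError("HostEntry has no HostAddress")
    backups = [e.text for e in entry.findall("./BackupServerList/HostAddress") if e.text]
    return primary, backups


def try_connect(ip: str, reachable: Set[str]) -> bool:
    """Stand-in for a TLS connect to the headend; canned outcome."""
    return ip in reachable


def connect_first_only(host: str, dns: Dict[str, List[str]], reachable: Set[str]) -> Optional[str]:
    """Model of the behaviour asserted in the thread: use the first A record only."""
    ips = dns.get(host, [])
    if not ips:
        return None
    return ips[0] if try_connect(ips[0], reachable) else None


def connect_try_all(host: str, dns: Dict[str, List[str]], reachable: Set[str]) -> Optional[str]:
    """Alternative model: walk every A record until one headend answers."""
    for ip in dns.get(host, []):
        if try_connect(ip, reachable):
            return ip
    return None


def connect_with_profile(xml_text: str, strategy: Strategy,
                         dns: Dict[str, List[str]] = DNS,
                         reachable: Set[str] = REACHABLE
                         ) -> Tuple[Optional[str], List[Tuple[str, Optional[str]]]]:
    """Try the primary, then each backup server with its own DNS query.

    Returns (chosen IP or None, list of (host, IP-or-None) attempts) so the
    caller can see how many hosts were tried before success or give-up.
    """
    primary, backups = parse_profile(xml_text)
    attempts: List[Tuple[str, Optional[str]]] = []
    for host in [primary] + backups:
        ip = strategy(host, dns, reachable)
        attempts.append((host, ip))
        if ip is not None:
            return ip, attempts
    return None, attempts


if __name__ == "__main__":
    for name, strategy in (("first-only", connect_first_only), ("try-all", connect_try_all)):
        chosen, attempts = connect_with_profile(PROFILE_XML, strategy)
        print(f"{name}: connected to {chosen}; attempts: {attempts}")
```

With the constructed data, the first-only model fails on both the primary and the backup record because each list leads with an unreachable address, which is exactly the scenario the second question in this thread worries about; the try-all model connects to the second primary address without touching the backup list. Swapping the canned answers lets you reason about how many DNS queries and connect timeouts a user would sit through under each model.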