Hi Antonio,
Do you require IPSEC communication between the VNets? And are the VNets in different Azure Tenants or same?
The reason I ask is because Vnet peering for example is much faster and easier, but it requires the Vnets to be in the same Azure AD in a multiple subscription scenario or in the same subscription.
If IPSec is required you would need the Site-to-Site approach. The Public IPs are public but since it's all Azure and probably in the same region it will run over the Azure Backbone. But still public internet.
Regards
Pascal