Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to advertise the Public IP of Azure Load Balancer via S2S Tunnel.
Unfortunately, this won't be feasible.
- Azure VPN Gateway can only advertise the VNet range via the S2S Tunnel.
- The IP address of the Load Balancer will be advertised to internet only from Azure End. (it does not belong to VNet i.e, LB is not bound to any VNet)
- The use case of VPN Gateway is to provide encryption for the private range only, not for public IPs.
In case encryption is your priority,
- You should configure the backend VMs/VMSS of the LB to provide TLS/HTTPS support
- Or you can consider using App gateway instead of Azure LB (in case backends could not provide TLS)
- Configure an Application Gateway with TLS termination
- What is TLS Termination
- In any case, traffic to the Public IP will go via Internet only
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.