Hello @Anonymous,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have a few questions regarding site-to-site VPN. I've answered them below:
1. If I want to connect my Java web app running in an Azure VM to different client sites via site-to-site VPN dynamically, depending upon some parameter, is this possible?
I'm not sure if I understand this ask correctly, but since you've mentioned "site-to-site VPN dynamically depending upon some parameter", I'm assuming you are referring to dynamic routing or what is called Route-based VPN in Azure.
It is possible to connect to multiple client/on-prem sites via site-to-site VPN using route-based VPN type. The number of tunnels a VPN gateway can have differs according to the VPN gateway SKU that you use.
You can use the default IPsec/IKE parameters of the Azure VPN gateway, or you can use custom IPsec/IKE parameters with specific cryptographic algorithms and key strengths rather than the Azure default policy sets. Azure VPN gateways support per-connection custom IPsec/IKE policy, meaning you can create and apply different IPsec/IKE policies on different VPN connections.
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-compliance-crypto
You can also enable BGP, which is an optional feature available with Azure Route-Based VPN gateways to support automatic and flexible prefix updates.
Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-bgp-overview
https://learn.microsoft.com/en-us/azure/vpn-gateway/bgp-howto
2. If multiple clients have the same CIDR on their side of the VPN, then how do I connect to the different clients from the same Azure VM?
Azure VPN Gateway supports NAT (Network Address Translation) which allows you to connect on-premises networks or branch offices to an Azure virtual network with overlapping IP addresses. NAT defines the mechanisms to translate one IP address to another in an IP packet.
To connect two or more networks with overlapping IP addresses, you can configure NAT on your Azure VPN gateway. NAT on the VPN gateway translates the source and/or destination IP addresses based on the NAT policies or rules, to avoid address conflicts. There are different types of NAT translation rules, which are used to define the address mapping or translation relationship for the corresponding network address spaces. You can find more information in the docs below.
Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-overview
https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-howto
Make sure to take a look at the NAT limitations before you start.
Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/nat-overview#nat-limitations
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
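As an added illustration of the second answer (not part of the original reply and not Azure's own code), the following Python model shows why two sites that share a prefix cannot both be reached directly, and how a static 1:1 NAT mapping gives each site a distinct external range that the Azure VM addresses instead. The site names, the 10.0.0.0/24 on-prem prefix and the 100.64.x.0/24 translated ranges are constructed sample values.

```python
import ipaddress

# Constructed sample: two client sites that both use 10.0.0.0/24 behind their
# tunnel, each assigned a distinct external (translated) range by a static NAT rule.
SITES = {
    "clientA": {"internal": "10.0.0.0/24", "external": "100.64.1.0/24"},
    "clientB": {"internal": "10.0.0.0/24", "external": "100.64.2.0/24"},
}


def find_overlaps(sites):
    """Return sorted pairs of site names whose on-prem prefixes overlap."""
    names = sorted(sites)
    pairs = []
    for i, a in enumerate(names):
        net_a = ipaddress.ip_network(sites[a]["internal"])
        for b in names[i + 1:]:
            if net_a.overlaps(ipaddress.ip_network(sites[b]["internal"])):
                pairs.append((a, b))
    return pairs


def static_translate(address, internal_cidr, external_cidr):
    """1:1 static NAT: keep the host offset, swap the prefix (equal-size ranges)."""
    ip = ipaddress.ip_address(address)
    internal = ipaddress.ip_network(internal_cidr)
    external = ipaddress.ip_network(external_cidr)
    if internal.prefixlen != external.prefixlen:
        raise ValueError("static NAT requires equal-size internal/external prefixes")
    if ip not in internal:
        raise ValueError(f"{ip} is not inside {internal}")
    offset = int(ip) - int(internal.network_address)
    return str(ipaddress.ip_address(int(external.network_address) + offset))


def address_for(sites, site, host):
    """Translated address the Azure VM uses to reach `host` at `site`."""
    s = sites[site]
    return static_translate(host, s["internal"], s["external"])


def validate(sites, vnet_cidr):
    """Check that translated ranges clash neither with each other nor with the VNet."""
    vnet = ipaddress.ip_network(vnet_cidr)
    issues = []
    externals = {n: ipaddress.ip_network(s["external"]) for n, s in sites.items()}
    for name, ext in externals.items():
        if ext.overlaps(vnet):
            issues.append(f"{name}: external {ext} overlaps VNet {vnet}")
    names = sorted(externals)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if externals[a].overlaps(externals[b]):
                issues.append(f"{a}/{b}: external ranges overlap")
    return issues
```

With both sites on 10.0.0.0/24, `find_overlaps` flags the clash, while `address_for` shows the VM reaching host .5 at client A as 100.64.1.5 and the same internal address at client B as 100.64.2.5.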