Hi joshua
If I understand correctly, you want to keep your IP address private from your servers while maintaining a transparent connection to Azure, right? When I trigger the failover in ASR, I do exactly that, but it's not an Azure-exclusive feature. I perform this process through the firewall. I'll provide the step-by-step instructions below:
Example scenario:
On-premise: 192.168.10.0
Azure: 10.10.0.0
Server 01 on-premise: 192.168.10.10
Server 01 after failover Azure: 10.10.0.10
1 - Set up a VPN with Azure using different private networks (the same network as the overlap won't work)
2 - Assuming I've performed a failover for Server-01, the IP 192.168.10.10 will stop responding
3 - Set a static IP of 192.168.10.10 in the firewall's ARP table, so the local network starts identifying 192.168.10.10 as if it were the firewall
4 - Create a NAT rule in the firewall to forward all traffic seeking 192.168.10.10 to 10.10.0.10 (the new server IP in Azure) through the VPN tunnel
Done! In this way, you maintain the 192.168.10.10 address with the firewall forwarding traffic to the new address, and when you perform a failback, you only need to disable the configurations.
Get in touch if you need more help with this issue.
--please don't forget to "[Accept the answer]" if the reply is helpful--
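Steps 3 and 4 of the answer above, and their removal on failback, sketched for a Linux-based firewall. This is an added example, not part of the original answer. It assumes iproute2 and iptables, a LAN interface named `eth0`, and /24 prefixes for both networks (the answer gives none). It adds the old address as a secondary IP on the firewall in place of a static ARP entry, which gives the same result: the firewall answers ARP for 192.168.10.10.

```shell
#!/bin/sh
# Added example; addresses come from the scenario in the post.
OLD_IP=192.168.10.10   # Server 01 on-premises
NEW_IP=10.10.0.10      # Server 01 after failover to Azure
ONPREM_NET=192.168.10.0; AZURE_NET=10.10.0.0
PREFIX=24              # assumption: the post gives no prefix lengths
LAN_IF=eth0            # assumption: the firewall's LAN interface

# Dotted quad -> integer, so networks can be compared bitwise.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# nets_overlap NET1 LEN1 NET2 LEN2: true when the two CIDR blocks intersect.
nets_overlap() {
  len=$2
  if [ "$4" -lt "$len" ]; then len=$4; fi
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$3") & mask )) ]
}

# plan failover|failback: print the commands for steps 3 and 4, or their removal.
plan() {
  case $1 in
    failover) addr=add; rule=-A ;;
    failback) addr=del; rule=-D ;;
    *) echo "usage: plan failover|failback" >&2; return 2 ;;
  esac
  # Step 1: the tunnel cannot route if both sides use the same range.
  if nets_overlap "$ONPREM_NET" "$PREFIX" "$AZURE_NET" "$PREFIX"; then
    echo "on-premises and Azure networks overlap" >&2; return 1
  fi
  # Step 3: the firewall claims the old address, so it answers ARP for it.
  echo "ip addr $addr $OLD_IP/32 dev $LAN_IF"
  # Step 4: rewrite the destination, only for traffic arriving from the LAN.
  echo "iptables -t nat $rule PREROUTING -i $LAN_IF -d $OLD_IP -j DNAT --to-destination $NEW_IP"
}

if [ $# -gt 0 ]; then plan "$1"; fi
```

The script only prints the commands; review them and run them as root on the firewall. IP forwarding and the route to the Azure network through the VPN tunnel must already be in place.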