Hi NUR AISHAH BINTI MOHD RAHIM,
Thank you for contacting Microsoft community.
There isn't any specific architecture related to the specific problem but it is a scenario that can be solved.
As I gather, you need users to connect to your network via VPN to access the server. This means once the user's computer is connected via VPN, it will be part of the network and will be able to access the server via RDP (assuming Windows Server) directly with the server's private IP.
This leaves no room for a bastion, as that service is used to provide an RDP connection to a server through the public IP of the Bastion service without exposing the public IP of the server, and is used to access servers over the internet.
This essentially leaves you with a simple architecture.
The architecture should be as follows.
- Start with a network that you want the server to be.
- Add a point-to-site VPN connection configuration to the network.
- Once the user is connected via VPN (P2S), they will be able to access the server via the server's private IP.
- (NO NEED for Bastion or public IP for server)
A tutorial of sorts is provided here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps
Please accept it as the answer if it helped.
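
The following is an added example, not part of the original answer: a PowerShell (Az module) check that a deployment matches the architecture described above. All resource names are placeholders, and the NSG check on the RDP source range is an extra assumption beyond what the answer states.

```powershell
# Placeholder names (assumptions, not from the original answer).
$rg      = 'rg-example'
$gwName  = 'vpn-gw-example'
$nicName = 'server-nic-example'
$nsgName = 'server-nsg-example'

# True when an NSG port entry ('*', '3389', '3000-4000') covers RDP.
function Test-CoversRdp([string]$Range) {
    if ($Range -eq '*') { return $true }
    $lo, $hi = $Range -split '-', 2
    if (-not $hi) { $hi = $lo }
    return ([int]$lo -le 3389 -and [int]$hi -ge 3389)
}

# 1. The gateway must have a point-to-site client address pool.
$gw   = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName
$pool = @($gw.VpnClientConfiguration.VpnClientAddressPool.AddressPrefixes)
if ($pool.Count -eq 0) { throw "No P2S address pool configured on $gwName" }
"P2S client pool: $($pool -join ', ')"

# 2. The server NIC must have a private IP only (no public IP attached).
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
foreach ($cfg in $nic.IpConfigurations) {
    if ($cfg.PublicIpAddress) {
        Write-Warning "$($cfg.Name) has a public IP attached: $($cfg.PublicIpAddress.Id)"
    }
    "Server private IP: $($cfg.PrivateIpAddress)"
}

# 3. Extra check (assumption): custom inbound allow rules that cover 3389
#    should only name the P2S pool as source. Service tags are flagged
#    for manual review.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
foreach ($rule in $nsg.SecurityRules) {
    if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
    if (-not ($rule.DestinationPortRange | Where-Object { Test-CoversRdp $_ })) { continue }
    $outside = @($rule.SourceAddressPrefix | Where-Object { $_ -notin $pool })
    if ($outside.Count -gt 0) {
        Write-Warning "Rule '$($rule.Name)' allows RDP from: $($outside -join ', ')"
    }
}

# 4. From a VPN-connected client: RDP should answer on the private IP.
$privateIp = $nic.IpConfigurations[0].PrivateIpAddress
(Test-NetConnection -ComputerName $privateIp -Port 3389).TcpTestSucceeded
```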