Hello Sourav Bhattacharya,
Welcome to Microsoft Q&A Platform. Thanks for posting your query here.
Yes, that's correct. If you have set up a public IP range to access the AKS API server, then ACI pods won't be able to reach the AKS API server. This is because the virtual node subnet is delegated to Azure Container Instances (ACI), and the IP addresses used by the virtual nodes are not included in the authorized IP ranges for the AKS API server.
Regarding your second question, virtual nodes can work in a private cluster. However, you need to ensure that the virtual network and subnet used by the virtual nodes are properly configured to allow communication between the virtual nodes and the AKS cluster.
Hope that helps.