@Blane Bunderson Thank you for reaching out to Microsoft Q&A.
I understand that you want to set up an S2S VPN in Azure with the resources in Azure presented as Public IP addresses instead of regular private IP address ranges.
This is possible if you deploy your virtual network with a Public IP address range instead of a private range. As seen in the Creating a Virtual Network document:
Address space: The address space for a virtual network is composed of one or more non-overlapping address ranges that are specified in CIDR notation. The address range you define can be public or private (RFC 1918). Whether you define the address range as public or private, the address range is reachable only from within the virtual network, from interconnected virtual networks, and from any on-premises networks that you have connected to the virtual network. You cannot add the following address ranges:
224.0.0.0/4 (Multicast)
255.255.255.255/32 (Broadcast)
127.0.0.0/8 (Loopback)
169.254.0.0/16 (Link-local)
168.63.129.16/32 (Internal DNS, DHCP, and Azure Load Balancer health probe)
With this setup, you will have Public IP addresses for the resources in the VM, and when this is presented to your on-premises network via VPN, it will be presented with the Public IP addresses themselves. This is the only way to have Public IP addresses on both the inside and the outside of the tunnel, i.e., before and after encryption. Hope this helps.
Please let us know if you have any further questions and we will be glad to assist you further. Thank you!
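A pre-deployment check for the address-space rules quoted in the answer above, as an added example that is not part of the original answer or of Microsoft's tooling: it flags prefixes that overlap the listed disallowed ranges or each other, and labels each prefix as public or RFC 1918. The function name, the sample plan and the IPv4-only scope are assumptions of this example.

```python
import ipaddress

# Ranges the quoted documentation says cannot be added to a virtual network.
DISALLOWED = {
    "224.0.0.0/4": "Multicast",
    "255.255.255.255/32": "Broadcast",
    "127.0.0.0/8": "Loopback",
    "169.254.0.0/16": "Link-local",
    "168.63.129.16/32": "Internal DNS, DHCP, and Azure Load Balancer health probe",
}
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (203.0.113.0/24 is a documentation range standing in
# for a public block); not taken from the original question.
SAMPLE_PLAN = ["203.0.113.0/24", "10.1.0.0/16", "168.63.129.0/24",
               "203.0.113.128/25", "10.1.0.5/16"]


def check_address_space(prefixes):
    """Return (findings, errors) for a proposed IPv4 VNet address space.

    findings maps each parsed prefix to 'private (RFC 1918)' or 'public';
    errors lists every rule from the quoted passage that the plan breaks.
    """
    findings, errors, seen = {}, [], []
    for text in prefixes:
        try:
            # strict=True rejects prefixes with host bits set (e.g. 10.1.0.5/16)
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            errors.append(f"{text}: not valid IPv4 CIDR notation ({exc})")
            continue
        for blocked, label in DISALLOWED.items():
            if net.overlaps(ipaddress.IPv4Network(blocked)):
                errors.append(f"{text}: overlaps {blocked} ({label})")
        for other in seen:
            if net.overlaps(other):
                errors.append(f"{text}: overlaps {other} in the same address space")
        seen.append(net)
        # Private only if the prefix lies wholly inside one RFC 1918 block.
        private = any(net.subnet_of(block) for block in RFC1918)
        findings[text] = "private (RFC 1918)" if private else "public"
    return findings, errors


if __name__ == "__main__":
    found, problems = check_address_space(SAMPLE_PLAN)
    print(found)
    print("\n".join(problems))
```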