Hello FunMum,
This could be possible by ensuring the on-premises network can resolve the private endpoint's DNS name. To do this, you need to configure the private DNS zone and ensure the ASR appliance is set up with the correct network settings to route traffic through the VPN.
Additionally, make sure the Recovery Services vault has a private endpoint configured within the same VNet as the existing site-to-site connection. Then, register the appliance with the vCenter Server.
All you need to follow is choosing the same network and its settings which has made for the Site to site configuration.
For your reference: https://learn.microsoft.com/en-us/azure/site-recovery/hybrid-how-to-enable-replication-private-endpoints
Just to let you know, in a classic environment, a site-to-site VPN connection or ExpressRoute private peering is required for reprotection and failback. which you can consider the ASR replication will be possible through Site to Site tunnel.
Below is the link for your reference: https://learn.microsoft.com/en-us/azure/site-recovery/vmware-azure-prepare-failback
Hope this helps!
let us know if you have any further queries. I’m happy to assist you further.
Please provide your valuable comments
Please do not forget to "Accept the answer” wherever the information provided helps you, this can be beneficial to other community members.
Thanks