Accessing Azure App scm or kudu in ASE v3

Question

My set up:

• ILB ASE v3
• Azure app service deployed within the ILB ASE v3
• Private DNS zone for the ASE named myase.appserviceenvironment.net with A records for *, @, *.scm pointing to the internal IP 192.168.x.x
• External public IP and an application gateway with HTTP/S rules routing the external IP to myapp.myase.appserviceenvironment.net backend
• Public DNS zone mydomain.com with the @ record pointing to the external IP of the application gateway

All works well, pointing the browser to mydomain.com does navigate to my app as expected. However, I am not sure how to set-up access to scm/kudu which are at myapp.scm.myase.appserviceenvironment.net as that domain name is of course non-routable outside of ASE's Vnet (Chrome returns DNS_PROBE_FINISHED_NXDOMAIN).

I have deployed a Windows 2019 Server VM into the ASE's Vnet and am able to access scm/kudu by remote desktoping into this VM and pointing the browser to myapp.scm.myase.appserviceenvironment.net there; however, that is of course not ideal.

I was able able to deploy a virtual network gateway into the ASE's Vnet and able to set up a VPN connection with the Vnet. The internal IPs 192.168.x.x are navigable in this setup; however, the DNS name myapp.scm.myase.appserviceenvironment.net still doesn't resolve.

So, just wondering if there are better ways to access scm/kudu in this set-up? Would it be possible to have the public DNS zone forward the requests to the private DNS zone via the gateway or to have the VPN connection resolve the private DNS zone's records?

Many thanks in advance for any leads!