GAS projects don't/won't have access to an enterprise organization's internal network resources.

The enterprise organization can't open up holes in the FW to allow GAS IPs to come through because GAS projects, across the globe, across all accounts, across all organizations, run on the same compute that share the same set of IP addresses. See https://developers.google.com/apps-script/reference/url-fetch/#:~:text=Requests%20made%20using%20thi.... for more information. Opening up holes in the FW for these IPs would mean anyone/everyone across the globe would be able to reach them. Yikes!

So I'm wondering, how are organizations handling this? How are they giving GAS projects access to resources inside their private network? 

Secure Data Connector has been retired. See https://developers.google.com/secure-data-connector/?csw=1 for more information.

From what I read, you can't use a VPC/VPN since GAS projects can't leverage an organization's VPC/VPN configuration.

So what to do?