✅ Confirmed by Microsoft: The inbound traffic issue with IKEv2-based P2S VPN in Azure is a known platform limitation. Azure doesn't symmetrically route return traffic from VM to VPN client unless the client initiates the session — resulting in broken ICMP or similar inbound flows.
✔️ OpenVPN works better in these scenarios due to how Azure handles its routing behavior internally. It treats OpenVPN clients more reliably as routable endpoints, resolving the asymmetric routing problem.
⚠️ IKEv2 relies heavily on traffic selectors, and return traffic isn't always respected by Azure's routing logic.
🧠 Recommendations included:
Switch to OpenVPN ✅
Use NAT if your VPN Gateway supports it
Consider Azure Virtual WAN or BGP
Use forced tunneling
Implement reverse proxies for inbound communication
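As an added example (not from the original post), the following Az PowerShell snippet checks which client protocols a P2S gateway currently advertises and carries out the first recommendation, switching it to OpenVPN, then regenerates the client profile bundle. It assumes the Az module is installed, certificate-based P2S authentication, and placeholder resource-group and gateway names.

```powershell
# Added example, not the original poster's code. Names below are placeholders.
$rg     = 'rg-hub-network'   # assumed resource group
$gwName = 'vgw-hub-p2s'      # assumed virtual network gateway name

Connect-AzAccount | Out-Null   # omit if an Az session already exists

$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $rg -Name $gwName

# 1. Inspect the protocols configured today; IKEv2-only is the case the post describes.
$current = $gw.VpnClientConfiguration.VpnClientProtocols
Write-Host "Current P2S client protocols: $($current -join ', ')"

if ($current -contains 'OpenVPN') {
    Write-Host 'OpenVPN is already enabled; nothing to change.'
    return
}

# 2. Switch the gateway to OpenVPN. Existing IKEv2 client profiles stop working
#    once the update completes, so do this in a maintenance window.
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw -VpnClientProtocol 'OpenVPN' | Out-Null

# 3. Regenerate the client profile package (certificate auth assumed) and hand the
#    new OpenVPN profile to users; the returned link is a time-limited SAS URL.
$pkg = New-AzVpnClientConfiguration -ResourceGroupName $rg -Name $gwName `
    -AuthenticationMethod 'EapTls'
Write-Host "Download the new client profile from: $($pkg.VpnProfileSASUrl)"
```

After the switch, confirm with `Get-AzVirtualNetworkGateway` that `VpnClientProtocols` now lists only OpenVPN, and re-test an inbound flow (for example a ping from a VM to a connected client) to verify the asymmetric-routing symptom is gone.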