Hi,
In Azure, SDN takes care of the Public IP to the private IP mapping. Azure VM's guest OS doesn't even know its public IP. To create IPSEC tunnel, between your on-Prem and Azure VM, you can simply use the Public IP of your VM as peer and provide the IP address range of your VNET as the peer IP space.
Regards,
Karthik Srinivas