The following steps outline the various options and scenarios you might want to configure:
Ask your cloud provider for the public IP address of the cloud gateway they provide.
Build a virtual machine running Windows Server 2012 with the Remote Access role and place it in your cloud location. We will refer to this server as URA2.
Configure URA2 as a S2S gateway with two interfaces:
The interface towards the CloudGW will be the IPsec tunnel endpoint for the S2S connection. The IP address for this interface could be a public IPv4 address assigned by your cloud provider or a private IPv4 address of your choice.
If it is a private IPv4 address, the provider should send all the IPsec traffic for the S2S connection from the CloudGW to the Internet-facing interface of URA2. The remote tunnel endpoint configuration in URA1 for the remote site will be the public address that you got in step 1.
If the Internet-facing interface of URA2 is also a routable public IPv4...