I didn't get it to work using IPSecurity and Web.config either.
What DID work for cloud services was using ACLs in ServiceConfiguration.Cloud.cscfg
See this post for details: http://blogs.msdn.com/b/walterm/archive/2014/04/22/windows-azure-paas-acls-are-here.aspx