Got a customer environment running entirely in Azure, including the NetScaler.
Connections through the NetScaler GW on TCP are working just fine. UDP connections inside Azure are also working fine. UDP connections externally are not working. Failing back to TCP works. The policy has been set to 'preferred'.
So I figured it must be a network / firewall issue.
The NetScaler is configured in single IP mode. So the GW VIP runs on port 4434. I created a port redirection in the external load balancer of Azure to redirect port UDP 443 to 4434.
UDP ports from NetScaler to VDA are allowed, since all is working fine within Azure.
DTLS connections are enabled and certificate is unbound and bound.
Network Security Group is set to accept any/any/any (test!).
All I can think of is there is something wrong with the redirection. Does anyone else have a different thought?