Should I use IP addresses from the Gateway Subnet in an Azure VPN?

2

6

I am configuring an Azure VPN with site-to-site connectivity to a large enterprise customer. I have configured the following address space:

[Image: Address space config]

Now the customer has asked "Could you please send us traffic with one ip address, instead of range (192.168.2.0/27)"

I will only have one VM on the VPN so I can pick any IP in the range, but should I pick one from the Subnet-1 range or the Gateway range? What will the customer see our traffic as coming from?

Edit: Once I answered my own question I realised how poor the title was, so I've edited it.

Implode answered 10/3, 2015 at 12:16
13

The answer is no. Do not use the gateway subnet.

I eventually found exactly what I required on this Microsoft page. Specifically:

And don't deploy VMs or anything else to the gateway subnet.

and

Can I deploy Virtual Machines or role instances to my gateway subnet?

No.

Implode answered 11/3, 2015 at 12:28
1

By default, VPN gateways are deployed as two instances in an active/standby configuration, even if you only see one VPN gateway resource in Azure. When planned maintenance or unplanned disruption affects the active instance, the standby instance automatically assumes responsibility for connections without any user intervention. Connections are interrupted during this failover, but they're typically restored within a few seconds for planned maintenance and within 90 seconds for unplanned disruptions.

The new guidance is now - Use at least a /27 address mask for the gateway subnet.

Labialized answered 25/6, 2020 at 16:30
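A pre-deployment check for the two rules given in the answers above (keep the VM out of the gateway subnet; size the gateway subnet at /27 or larger), as an added example that is not part of any post. The subnet split is constructed because the question's screenshot is missing, the function names are hypothetical, and the reserved-address rule (the first four and the last address of every Azure subnet) is a general Azure fact rather than something stated on this page.

```python
import ipaddress

# Constructed layout: the question's screenshot is missing, so this split of
# the 192.168.2.0/27 range quoted by the customer is an assumption.
SUBNET_1 = "192.168.2.0/28"
GATEWAY_SUBNET = "192.168.2.16/28"
GATEWAY_MAX_PREFIXLEN = 27  # "at least a /27" from the last answer
AZURE_RESERVED_HEAD = 4     # Azure keeps .0-.3 of each subnet, plus the last address


def check_vm_ip(vm_ip, workload_subnet, gateway_subnet):
    """Return a list of problems with the plan; an empty list means it is fine."""
    ip = ipaddress.ip_address(vm_ip)
    work = ipaddress.ip_network(workload_subnet)
    gw = ipaddress.ip_network(gateway_subnet)
    problems = []
    if work.overlaps(gw):
        problems.append("workload subnet overlaps the gateway subnet")
    if ip in gw:
        problems.append("address is inside the gateway subnet")
    if ip not in work:
        problems.append("address is outside the workload subnet")
    else:
        offset = int(ip) - int(work.network_address)
        if offset < AZURE_RESERVED_HEAD or ip == work.broadcast_address:
            problems.append("address is reserved by Azure in every subnet")
    if gw.prefixlen > GATEWAY_MAX_PREFIXLEN:
        problems.append(f"gateway subnet is /{gw.prefixlen}, smaller than /27")
    return problems


def first_assignable(workload_subnet):
    """First address a VM can actually be given in the workload subnet."""
    work = ipaddress.ip_network(workload_subnet)
    return str(work.network_address + AZURE_RESERVED_HEAD)


if __name__ == "__main__":
    for candidate in (first_assignable(SUBNET_1), "192.168.2.2", "192.168.2.20"):
        print(candidate, check_vm_ip(candidate, SUBNET_1, GATEWAY_SUBNET) or "ok")
```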
