the iap is an http proxy, so you need a way to send non-http traffic. this might require client modifications (not everything is proxy-aware), and you can't always modify the source.
some protocols are udp and latency sensitive, which doesn't work well enough tunneled
some protocols are udp and latency sensitive, which doesn't work well enough tunneled