What Are the Restrictions of IPSec on ACLs?
The restrictions are as follows:
IPSec applies only to the data flows that are permitted by the ACL rule. You are advised to define accurate ACL rules that permit only the data flows that actually need IPSec protection. Use the keyword any sparingly. Set the local ACL rules and the peer ACL rules to mirror each other, so that the source and destination of a rule on one end are the destination and source of a rule on the other end.
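An added example (not from the original page): a Python check that two ACL rule sets are mutual mirrors and that flags any rule using `any`. The rule syntax (`permit ip source <address> <wildcard> destination <address> <wildcard>`), the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take_addr(tokens):
    """Consume 'any' or '<address> <wildcard>' and return the matching network."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ANY
    addr, wildcard = tokens.pop(0), tokens.pop(0)
    # A wildcard mask is the bitwise inverse of a netmask.
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_rule(line):
    """Parse one rule in the assumed syntax into a (source, destination) pair."""
    tokens = line.split()
    if tokens[:3] != ["permit", "ip", "source"]:
        raise ValueError(f"unsupported rule: {line!r}")
    rest = tokens[3:]
    src = _take_addr(rest)
    if rest[:1] != ["destination"]:
        raise ValueError(f"missing destination: {line!r}")
    rest.pop(0)
    return src, _take_addr(rest)

def audit(local_lines, peer_lines):
    """Return findings: rules without a mirror on the other end, and uses of 'any'."""
    local = {parse_rule(l) for l in local_lines}
    peer = {parse_rule(l) for l in peer_lines}
    findings = []
    for side, mine, other in (("peer", local, peer), ("local", peer, local)):
        for src, dst in sorted(mine):
            if (dst, src) not in other:  # mirror = source and destination swapped
                findings.append(f"{side} lacks mirror of {src} -> {dst}")
    for side, rules in (("local", local), ("peer", peer)):
        for src, dst in sorted(rules):
            if ANY in (src, dst):
                findings.append(f"{side} rule uses 'any': {src} -> {dst}")
    return findings

# Constructed sample rule sets (not taken from any real device).
LOCAL = ["permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255",
         "permit ip source 10.1.3.0 0.0.0.255 destination any"]
PEER = ["permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    print("\n".join(audit(LOCAL, PEER)) or "ACLs are mirrored")
```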