the public IP couldn't communicate after IPSec configuration

After checking the configuration of this site. we found customer permit all IP traffic in ACL 3999 which used for ipsec policy

# 
acl name p_Ethernet0/0/0_1 3998 
rule 5 permit ip
#
ipsec proposal p_to_p_vpn1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm sha1
prf hmac-sha2-256
#
ike peer p_to_p_vpn1 v1
pre-shared-key cipher %^%#XeyNW1QmUWl}t\1ttQ4)D]nS%Zs8.$Av:wUPEO67%^%#
ike-proposal 1
local-id-type name
nat traversal
remote-address 10.1.10.25
#
ipsec policy p_to_p_vpn 1 isakmp
security acl 3998
ike-peer p_to_p_vpn1
proposal p_to_p_vpn1
#
interface Vlanif1
ip address 192.168.2.1 255.255.255.0
dhcp select interface
dhcp server dns-list 8.8.8.8
#
interface Ethernet0/0/0
undo portswitch
tcp adjust-mss 1460
ip address 10.1.10.99 255.255.255.0
ipsec policy p_to_p_vpn
nat outbound 2999
#

After set the fixed ACL according custoemr environment, then this issue solved. Since the orginal setting contained flow that from 10.1.10.99 to10.1.10.25, so the ping was affected by orignal setting.

#

acl number 3998   

rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

#