3Com MSR 50 Series Configuration Manual page 1918

1918 C 101: IKE C
HAPTER ONFIGURATION
Analysis
When multiple devices create different IPSec tunnels early or late, a device may
have multiple peers. If the device is not configured with ACL rule, the peers send
packets to it to set up different IPSec tunnels in different protection granularity
respectively. As the preferences of IPSec tunnels are determined by the order they
are established, a device cannot interoperate with other peers in fine granularity
when its outbound packets are first matched with an IPSec tunnel in coarse
granularity.
Solution
When a device has multiple peers, you are recommended to configure ACL on the
device to distinguish different data flows and try to avoid configuring overlapping
ACL subrules for different peers. If it is unavoidable, the subrules in fine granularity
should be configured with higher preferences.