IPSec VPN / Gateway ACL Broken
IPSec Site To Site tunnel working with Gateway ACLs on!
Configured two 7212s (Office1 / Office2); the IPSec VPN is working with the firewall wide open.
Also configured an OpenVPN server for 1 client to connect on both sides.
Configured Gateway ACLs
1 - Allow OpenVPN (PortGroup > LAN)
2 - Allow IPSec (UDP 50,51,500,4500) > LAN
3 - Deny All from WAN to LAN
When using the OpenVPN client (from remote) and I turn off the OpenVPN Allow rule, I cannot connect. When I turn on the OpenVPN Allow rule, I can connect. So the gateway ACL for OpenVPN seems to work.
The IPSec Site to Site VPN does not work with the Deny All rule enabled, no matter how I configure the IPSec Allow rule (ports, IP ranges, etc.).
So the only way I can have my Site to Site VPN up is if the Gateway is left wide OPEN!
For now I have NO Site to Site VPN. Because of this, I would like to get a solution to this problem in the next 15 days so I can return both of these units if this cannot be done.
I found many articles and videos about how to set up the IPSec tunnel on Omada, but none of them talks about ACLs, as in a secured network with IPSec. :(
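The following is an added example, not code from the post above or from TP-Link, that walks the traffic a site-to-site IPsec peer sends through a small first-match ACL evaluator. It models the rule set described in the post (an Allow rule keyed on UDP destination ports 50, 51, 500 and 4500, then Deny All) beside a variant that names ESP and AH by their IP protocol numbers (50 and 51) rather than as UDP ports, which is what IKE (UDP 500) and NAT-T (UDP 4500) use but plain ESP tunnel data does not. The rule model (action, protocol, destination port, first match wins, implicit deny), the OpenVPN port 1194 and the sample flows are assumptions made for the illustration; how the Omada ACL engine actually matches protocol numbers is not something this example asserts.

```python
"""Minimal first-match ACL evaluator used to see which IPsec flows a
WAN-to-LAN rule set matches. Added illustration only: the rule model
(action / IP protocol / destination ports, first match wins, implicit
deny) is an assumption, not a description of the Omada ACL engine."""
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers. ESP (50) and AH (51) are protocols, not UDP ports.
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51


@dataclass(frozen=True)
class Packet:
    proto: int            # IP protocol number
    dport: Optional[int]  # transport destination port; None for ESP/AH (no ports)
    desc: str


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[int] = None      # None matches any protocol
    dports: frozenset = frozenset()  # empty set matches any port
    name: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        # A port-based rule can never match a packet that carries no port.
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


def evaluate(rules, pkt: Packet):
    """Return (action, rule_name) for the first matching rule; implicit deny otherwise."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit"


# Rule set modelled on the post: "IPSec" given as UDP ports 50, 51, 500, 4500.
ACL_AS_POSTED = [
    Rule("allow", PROTO_UDP, frozenset({1194}), "Allow OpenVPN"),  # port 1194 assumed
    Rule("allow", PROTO_UDP, frozenset({50, 51, 500, 4500}), "Allow IPSec"),
    Rule("deny", None, frozenset(), "Deny All WAN>LAN"),
]

# Same intent, but ESP/AH expressed as IP protocols instead of UDP ports.
ACL_BY_PROTOCOL = [
    Rule("allow", PROTO_UDP, frozenset({1194}), "Allow OpenVPN"),
    Rule("allow", PROTO_UDP, frozenset({500, 4500}), "Allow IKE / NAT-T"),
    Rule("allow", PROTO_ESP, frozenset(), "Allow ESP (proto 50)"),
    Rule("allow", PROTO_AH, frozenset(), "Allow AH (proto 51)"),
    Rule("deny", None, frozenset(), "Deny All WAN>LAN"),
]

# Constructed sample flows, as the remote gateway or client would send them.
SAMPLE_FLOWS = [
    Packet(PROTO_UDP, 500, "IKE"),
    Packet(PROTO_UDP, 4500, "IKE/ESP over NAT-T"),
    Packet(PROTO_ESP, None, "ESP tunnel data (no NAT-T)"),
    Packet(PROTO_UDP, 1194, "OpenVPN client"),
    Packet(PROTO_TCP, 445, "SMB probe from WAN"),
]


def verdicts(rules):
    """Map each sample flow's description to the action the rule set takes."""
    return {pkt.desc: evaluate(rules, pkt)[0] for pkt in SAMPLE_FLOWS}


if __name__ == "__main__":
    for label, rules in (("as posted", ACL_AS_POSTED), ("by protocol", ACL_BY_PROTOCOL)):
        print(f"--- ACL {label} ---")
        for pkt in SAMPLE_FLOWS:
            action, rule = evaluate(rules, pkt)
            print(f"{pkt.desc:30s} {action:5s} ({rule})")
```

Run it and compare the two tables: IKE and NAT-T flows pass under both rule sets, but plain ESP tunnel data only passes the second, because a rule keyed on UDP destination ports has nothing to compare against a packet that carries no port. When both peers are behind NAT the tunnel data is carried inside UDP 4500 and the port rule does match, which is one reason the same ACL can behave differently between two sites.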