When the IPsec tunnel is formed, traffic is sent between the IPsec
terminating equipment/client at the remote office and the VPN concentrator
located at the other end. The source and destination networks are not seen
while the data is encrypted over the WAN. Only through a configuration
error could the traffic be sent unencrypted from source to destination. It
makes no difference that you have multiple WAN links, or even that a
potential for an asymmetrical traffic flow exists. The source and
destination address as it appears in the WAN cloud always remains the same.
Best regards,
Mike Braun