You don't need IPS, it is much easier to use NBAR on your outside router (or any router between the source host and the Internet connection). NBAR can match specifically on p2p connections and can either be dropped completely or rate-limited.A sample...

When you modified the ACL you most likely lost this line:nat (inside) 0 access-list nonat Just add it again and it should be fine.

Hi, can you post the configuration from the ASA?

Hi, my understanding is that the FragGuard feature - if enabled - always does virtual reassembly of fragmented IP packets, regardless of the MTU settings. This feature is used to protect against attacks that are using fragmented packets, and not to f...

Hi you need to provide some more information, attach a sanitized configuration and the output from debug crypto isakmp and debug crypto ipsec when the tunnel is not coming up.