Cisco 2911/K9 and Firepower Site-to-Site VPN not working

ubiifere
Level 1

Please, I need help to rectify my IPsec VPN. Thanks in anticipation.

7 Replies

ubiifere
Level 1

The #show crypto isakmp policy command is not showing any result. Also, the WAN interface is a loopback interface.

Share the config.

!--- These are the Internet Key Exchange (IKE) parameters.
crypto isakmp policy 10
 encr aes-256
 hash sha-256
 group 14
 lifetime 28800
 authentication pre-share
crypto isakmp key @S8ftW0rKs_WemS! address 195.43.215.1
!
!--- These are the IPSec parameters.
access-list 105 permit ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0
!
crypto ipsec transform-set wema_set esp-aes-256 esp-sha-hmac
!
crypto map wema_map 10 ipsec-isakmp
 set peer 195.43.215.1
 set transform-set wema_set
 match address 105
!
!--- Encrypt traffic to the other side.
interface Loopback0
 ip nat outside
 crypto map wema_map
!
interface GigabitEthernet0/1
 ip nat inside
!
ip route 172.27.5.40 255.255.255.255 65.173.38.26

This is not the complete config.
There is NAT, so I think the issue is there.
You must deny traffic from ip 204.242.130.30 0.0.0.0 172.27.5.41 0.0.0.0 in the ACL or NAT;
otherwise the NATed traffic is not encrypted.
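The NAT exemption the reply above describes, as an added example that is not part of the original thread: the NAT ACL name NO_NAT_VPN, the inside subnet 204.242.130.0/24 and the overload statement are assumptions, since the poster's ip nat inside source line is not shown.

```cisco
! Added example, not the poster's config. On IOS, inside-to-outside NAT runs
! before the crypto map check, so a translated source no longer matches
! crypto ACL 105 and the packet leaves in the clear instead of in the tunnel.
!
! Weak (assumed): everything leaving Loopback0 is translated, VPN flow included.
! access-list 101 permit ip 204.242.130.0 0.0.0.255 any
! ip nat inside source list 101 interface Loopback0 overload
!
! Corrected: deny the VPN pair before the permit, so it is never translated.
! NO_NAT_VPN and the 204.242.130.0/24 inside subnet are placeholders.
ip access-list extended NO_NAT_VPN
 deny   ip host 204.242.130.30 host 172.27.5.41
 permit ip 204.242.130.0 0.0.0.255 any
!
ip nat inside source list NO_NAT_VPN interface Loopback0 overload
!
! Crypto ACL unchanged in meaning: a 0.0.0.0 wildcard and the host keyword
! both match exactly one address, so either form selects the same flow.
access-list 105 permit ip host 204.242.130.30 host 172.27.5.41
!
! Checks after sending traffic from 204.242.130.30 to 172.27.5.41:
! the pair must be absent from the translation table, and the SAs should
! appear once phase 1 and phase 2 complete.
! show ip nat translations
! show crypto isakmp sa
! show crypto ipsec sa
```

The deny line must sit above the permit line, because the NAT ACL is evaluated top down and the first match decides whether the packet is translated.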

Thanks for your response.

This is a single IP permitted to talk to a single node at the remote end.

access-list 105 permit ip host 204.242.130.30 host 172.27.5.41 <<- the wildcard must be 255.255.255.255 if it is a host.
Even so, you need to exclude this traffic from NATing.

Oh well, I thought the wildcard for a single node should be 0.0.0.0.

Please assist with the NATing config to apply. Thanks 
