@oscar-pulgarin
"Any" just accepts any identifier. So it isn't verified.
By default IPSec use the interface address, which it is connecting through, as identifier and for incoming connections it expects to see the remote gateway IP.
However, since the endpoint gateway is behind a router, IPSec uses the internal IP 10.206.0.14, which your site doesn't expect and drop the connection.
But IPSec allows you to state a certain identifier IP. Also there are different identifier types.
So if the remote site is behind a NAT router there should be stated its public IP as its identifier.
Anyway if you have stated a certain remote gateway, IPSec only allows connection from this IP. So I don't think, "any" for the remote identifier is a security risk here.
But you can request them to configure their IPSec properly to use the public IP as identifier, or just enter 10.206.0.14.