I have to change the local network to Any to carry traffic from any external IP?
Yes, if you are using policy-based IPSec and need to keep using that. The policy has to match that traffic, and the source IP could be any IP.
But if you do that, it will match traffic at the other end for 'any' destination. All traffic from site1 will go over the IPSec tunnel, which you probably don't want.
A route-based VPN tunnel of some sort would give you more options.
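
The selector mirroring described in the answer above, as an added illustration that is not part of the original posts. It models a policy-based phase 2 entry as a (local, remote) network pair and assumes the peer must hold the exact mirror of it; the site names, subnets and flows are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


def net(cidr):
    return ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Selector:
    """One policy-based IPsec phase 2 entry as seen from one gateway."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def mirror(self):
        # Assumption: the peer's policy is this one with the sides swapped.
        return Selector(local=self.remote, remote=self.local)

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in self.local
                and ipaddress.ip_address(dst) in self.remote)


# Constructed sample addressing (documentation ranges for "external" hosts).
SITE1_LAN = net("10.1.0.0/24")
SITE2_LAN = net("10.2.0.0/24")
ANY = net("0.0.0.0/0")

# Flows leaving site1 hosts: one to site2, two to unrelated internet hosts.
SITE1_FLOWS = [("10.1.0.10", "10.2.0.5"),
               ("10.1.0.10", "203.0.113.80"),
               ("10.1.0.11", "198.51.100.7")]


def site2_carries(site2_selector, src, dst):
    """Does site2's policy put this packet into the tunnel?"""
    return site2_selector.matches(src, dst)


def site1_tunnelled(site2_selector, flows):
    """Flows that site1's mirrored policy sends over the tunnel."""
    site1_selector = site2_selector.mirror()
    return [f for f in flows if site1_selector.matches(*f)]


narrow = Selector(local=SITE2_LAN, remote=SITE1_LAN)  # LAN-to-LAN only
wide = Selector(local=ANY, remote=SITE1_LAN)          # local network = Any

if __name__ == "__main__":
    for name, sel in (("narrow", narrow), ("wide", wide)):
        ext = site2_carries(sel, "203.0.113.80", "10.1.0.10")
        print(name, "external source carried:", ext,
              "| site1 flows tunnelled:", site1_tunnelled(sel, SITE1_FLOWS))
```

With the wide selector the externally sourced packet is carried, and every constructed site1 flow, internet-bound ones included, also matches the mirrored policy.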