https://bugzilla.redhat.com/show_bug.cgi?id=1908782 made changes to allow the IKE, ESP and NAT-T traffic required for an IPsec-enabled cluster. However, the changes were only made for IPI installations. Similar changes also need to be made for UPI installations.
Verified this bug on UPI on AWS/OpenStack/GCP.