Hello Samir
My apologies, my previous post was incorrect. It is the IP addresses of the GRE tunnels that are being matched here, not the tunneled traffic itself. So you could indeed specify the specific tunnel addresses in the ACL and the result would be the same.
Just a note here, in your configuration above, it seems that you are permitting specific hosts (the tunnel IP addresses) but in your second ACL statement you are permitting everything, which is redundant. You can either permit everything, or choose to permit only the addresses of the tunnels. In any case, the result is the sameā¦
I hope this has been helpful!
Laz