Hello David
Within the context of IPsec, there are various components and mechanisms that each perform their own function to make IPsec operate correctly and securely.
One of those mechanisms is the establishment and maintenance of an IKE Phase 2 tunnel, which is used to transmit user data. Another is the encryption mechanisms that take place on the IKE Phase 2 tunnel. These are separate mechanisms that work together and result in an encrypted Phase 2 tunnel.
Now to respond to your statement specifically:
You are correct, the IKE Phase 2 tunnel by definition must encrypt the user data, and ESP is simply one of the methods that can be used to encrypt data on that IKE Phase 2 tunnel. Does that make sense?
I hope this has been helpful!
Laz