For the flow below, the first selector applies to traffic on port 20:

    ikev2 active esp proto tcp \
        from ... port 20 to ... \
        from ... to ... \
        ...

When the first traffic selector does not specify a port, the port
restriction of any following traffic selectors will have no effect:

    ikev2 active esp proto tcp \
        from ... to ... \
        from ... port 20 to ... \
        ...

The effect can be seen both with `ipsecctl -s all` and by monitoring
traffic with tcpdump.

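A configuration check for the pattern reported above, as an added example that is not part of the original message or of the iked code: it flags `ikev2` policies whose first `from ... to ...` selector names no port while a later one does. The function names, the simplified tokenizing of iked.conf and the sample policies (documentation addresses) are assumptions made for illustration.

```python
# Constructed sample iked.conf text; names and addresses are illustrative only.
SAMPLE_CONF = r"""
ikev2 "ok" active esp proto tcp \
    from 192.0.2.0/24 port 20 to 198.51.100.0/24 \
    from 192.0.2.0/24 to 203.0.113.0/24 \
    peer 198.51.100.1
ikev2 "affected" active esp proto tcp \
    from 192.0.2.0/24 to 198.51.100.0/24 \
    from 192.0.2.0/24 port 20 to 203.0.113.0/24 \
    peer 198.51.100.1
"""

def policies(text):
    """Yield (first_line_no, tokens) per ikev2 policy, joining '\\' continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # simplification: ignores '#' in strings
        if not line.strip() and not buf:
            continue
        if start is None:
            start = no
        cont = line.endswith("\\")
        buf.append(line[:-1] if cont else line)
        if not cont:
            tokens = " ".join(buf).split()
            if tokens and tokens[0] == "ikev2":
                yield start, tokens
            buf, start = [], None

def selectors(tokens):
    """Return one bool per 'from ... to ...' selector: True if it names a port."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] != "from":
            i += 1
            continue
        has_port, seen_to = False, False
        i += 2  # skip 'from' and the source address
        while i < len(tokens):
            t = tokens[i]
            if t == "port":
                has_port, i = True, i + 2
            elif t == "to" and not seen_to:
                seen_to, i = True, i + 2
            elif t.startswith("("):  # NAT address in parentheses
                i += 1
            else:
                break
        out.append(has_port)
    return out

def affected_policies(text):
    """Line numbers of policies whose first selector has no port but a later one does."""
    return [no for no, toks in policies(text)
            if (p := selectors(toks)) and not p[0] and any(p[1:])]

if __name__ == "__main__":
    print(affected_policies(SAMPLE_CONF))
```

A flagged policy is one to compare against the flows listed by `ipsecctl -s all`.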