When I did an extended ping from R0 and R2, found that:

R2#
*Mar 5 22:11:49.403: ISAKMP:(1001): IPSec policy invalidated proposal with error 32
*Mar 5 22:11:49.407: ISAKMP:(1001): phase 2 SA policy not acceptable! (local 172.16.0.2 remote 172.16.0.1)
*Mar 5 22:11:49.415: ISAKMP:(1001):deleting node 1673201950 error TRUE reason “QM rejected”
R2#
*Mar 5 22:12:17.387: ISAKMP:(1001): IPSec policy invalidated proposal with error 32
*Mar 5 22:12:17.391: ISAKMP:(1001): phase 2 SA policy not acceptable! (local 172.16.0.2 remote 172.16.0.1)
*Mar 5 22:12:17.403: ISAKMP:(1001):deleting node 928163075 error TRUE reason “QM rejected”

R2#sh crypto session
Crypto session current status

Interface: FastEthernet1/0
Session status: UP-ACTIVE
Peer: 172.16.0.1 port 500
IKE SA: local 172.16.0.2/500 remote 172.16.0.1/500 Active
IPSEC FLOW: permit ip 192.168.127.0/255.255.255.0 10.0.0.0/255.255.255.0
Active SAs: 2, origin: crypto map

R0#sh crypto session
Crypto session current status

Interface: FastEthernet1/1
Session status: UP-ACTIVE
Peer: 172.16.0.2 port 500
IKE SA: local 172.16.0.1/500 remote 172.16.0.2/500 Active
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 192.168.127.0/255.255.255.0
Active SAs: 2, origin: crypto map

IKE phase 1 and phase 2 both have no problem, the problem lies with crypto access-list

for R0 I change the access list destination to a network instead of a specific host.

I did the same for R2

R0 access list:

ip access-list extended PROTECT_TRAFFIC <cr>

permit ip 10.0.0.0 0.0.0.255 192.168.127.0 0.0.0.255 <cr>

R2 access list:

ip access-list extended PROTECT_TRAFFIC <cr>

permit ip 192.168.127.0 0.0.0.255 10.0.0.0 0.0.0.255<cr>