Is that an inflexible rule ?

Not necessarily, but there can be issues.

You can't pass, unfragemented, packets that are bigger than the SMALLEST MTU in the path. The packets may or may not be fragmented by the configuration on those transit routers. If fragmentation is allowed, the packets will still pass through. This is usually not desired as it increases load.

Example:

MTU
R1:1500<->R2:1500<->R3:1500<->R4:1350<->R5:9000<->R6:1500

In the following example, the highest MTU you can have without fragmentation is 1350, since it is the lowest in the path. This usually isn't a concern, unless those routers in the transit path do not allow for fragmentation. With enterprise grade equipment, you can run a ping and give it the "df" flag for 'do not fragment'. You will statically set the size of the ICMP and see if it can pass. This is a good troubleshooting method for scoping out possible mtu issues.

On your IPSec scenario, the client should be automatically adjusting your MTU for you (as in the ipsec software). The Cisco IPSec client automatically adjusts your MTU to 1200. Additionally, routers can be configured to adjust the mss and this is relayed between the router and client. It will adjust the MTU for the end-to-end communication, versus ip mtu which is for egress traffic.

A lose rule of thumb, is go smaller on your clients, and stick to the RFC standards/manuf best practices for your routing. If you have enterprise grade routers, make adjustments to the VLAN and WAN interfaces as appropriate.

On all of my equipment that does lan-to-lan ipsec, I adjust the MSS to 1200 on the vlan, because that's what Cisco does to your PC - and it always works. :)