Hello everybody,
this is my first time asking here. I have tried to search for it but usually found opposite problem (local to IPSEC, working ok here).
I have a local network 192.168.13.0/24
there are 2 IPSEC tunnels - 192.168.16.0/24 (to our server using pfsense - i can connect to any machine there) and 192.168.15.0/24 (office)
i have just installed a miniPC here (windows11), tunnels are ok, i can connect there to all needed RDP. But when i am on a terminal 192.168.16.12 i can’t connect home. I can ping the Mikrotik (192.168.13.1), i can’t neither ping neither connect to RDP to the new machine 192.168.13.3. i have tried to add firewall rule with source 192.168.16.0/24 to any protocol and it’s not working. can anybody help? As for a newbie please, preferably to do it from webfig. When i purchased the router, i was able to get much more inside, but as i did not need it for several years, i forgot most of it 
but - a rule with dest port 80 and source address .16.0 allowed me access to webfig from to 16 network - also synology on .13.8 is ok. But if i do it with other protocol or port, it’s not.
And when i put no protocol, no port (so i hope it’s “all”) nothing goes through.
Thanks
Honza
It’s difficult to guess without seeing RouterOS configuration.
You say that incoming (from RouterOS perspective) traffic works, but forwarding doesn’t. Except you somehow managed to access your local 192.168.13.8:80 over the IPsec tunnel from remote 192.168.16.0/24. It appears to me that IPsec is configured such that traffic selection policies are correct and its the firewall (or policy routing, if you have one) that creates a problem.
Enable logging on every drop / reject and NAT rules in your firewall and watch the log, with luck you will identify the culprit.