Mikrotik,
look at this, another case of reinventing the wheel instead of fixing the IPSec policy redundancy problem! Here is the non exhaustive list of cases I have encountered recently when stumbled upon the same issue
http://forum.mikrotik.com/t/ipsec-priority/91720/2
http://forum.mikrotik.com/t/amazon-aws-vpn-a-working-configuration-example-and-bug/79770/19
http://rant.gulbrandsen.priv.no/amazon/mikrotik-aws-ipsec
My humble suggestion on the topic:
http://forum.mikrotik.com/t/ipsec-enchansments/91686/1
Is this issue under any development?