You have to add a new ipsec policy for traffic from the Mikrotik IP to the LAN. see my post here: http://forum.mikrotik.com/t/ipsec-disables-local-access-to-routeros/45934/5
You have to add a new ipsec policy for traffic from the Mikrotik IP to the LAN. see my post here: http://forum.mikrotik.com/t/ipsec-disables-local-access-to-routeros/45934/5