IPSEC tunnel unable to ping inside

Hi, Just looking for a bit of advice , we have created an ipsec tunnel between a fortigate and a microtik which establishes correctly.
From the microtik side I can ping the fortigate and devices on its network.
From the fortigate side I can ping the microtik but cant get a response from any other devices on that network.

Configured as per http://www.fastbit.ro/en/ipsec-site-to-site-vpn-between-fortigate-and-mikrotik/
I have tried adding a route , and also tried a netmap rule between the ipsec accept rules and the networks masquerading rule with no luck so far.
Any ideas would be greatly appreciated.

config info that might be useful

/ip firewall filter
add chain=input protocol=icmp
add chain=input dst-port=1723 protocol=tcp
add chain=input dst-port=1723 protocol=udp
add chain=input protocol=gre
add chain=input protocol=ipsec-esp
add chain=input comment=“BTest TCP, Winbox.” dst-port=2000,8291 in-interface=
pppoe-out2 protocol=tcp
add chain=input connection-state=established,related
add action=drop chain=input in-interface=pppoe-out2
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=
new in-interface=pppoe-out2

/ip firewall nat
add chain=srcnat comment=“ipsec brightstars” dst-address=192.168.45.0/24 log=
yes src-address=192.168.3.0/24
add chain=srcnat comment=“ipsec ngala” dst-address=192.168.1.0/24 log=yes
src-address=192.168.3.0/24
add action=netmap chain=srcnat dst-address=192.168.3.0/24 log=yes
out-interface=bridge1 to-addresses=192.168.3.254
add action=masquerade chain=srcnat comment=NAT out-interface=pppoe-out2
add action=dst-nat chain=dstnat comment=“PPTP - GSPDC” dst-port=1723
in-interface=pppoe-out2 protocol=tcp to-addresses=192.168.3.4
add action=dst-nat chain=dstnat comment=“PPTP - GSVR01” disabled=yes
dst-port=1723 in-interface=pppoe-out2 protocol=tcp to-addresses=
192.168.4.3
add action=dst-nat chain=dstnat dst-port=5060 in-interface=pppoe-out2
protocol=udp src-address=203.xxx.xxx.xxx/16 to-addresses=192.168.3.205
add action=dst-nat chain=dstnat dst-port=10020-10083 in-interface=pppoe-out2
protocol=udp src-address=203.xxx.xxx.xxx/16 to-addresses=192.168.3.206
add action=dst-nat chain=dstnat comment=“RDP - GPDC” dst-port=3390
in-interface=pppoe-out2 protocol=tcp to-addresses=10.1.1.4 to-ports=3389
add chain=srcnat disabled=yes dst-address=192.168.1.0/24 src-address=
192.168.3.0/24

/ip ipsec peer
add address=203.xxx.xxx.xxx/32 dh-group=modp1536 enc-algorithm=3des secret=
xxxxxxxx
add address=43.xxx.xxx.xxx/32 comment=“ipsec brightstars” dh-group=modp1536
enc-algorithm=3des secret=xxxxxxxx
add address=203.xxx.xxx.xxx/32 comment=“ipsec ngala” dh-group=modp1536
enc-algorithm=3des secret=xxxxxxxx
/ip ipsec policy
set 0 disabled=yes
add disabled=yes dst-address=192.168.1.0/24 proposal=proposal1
sa-dst-address=203.xxx.xxx.xxx sa-src-address=202.xxx.xxx.xxx src-address=
192.168.3.0/24 tunnel=yes
add comment=“ipsec brightstars” dst-address=192.168.45.0/24 proposal=
brightstarsipsec sa-dst-address=43.xxx.xxx.xxx sa-src-address=202.xxx.xxx.xxx
src-address=192.168.3.0/24 tunnel=yes
add comment=“ipsec ngala” dst-address=192.168.1.0/24 proposal=ngalaipsec
sa-dst-address=203.xxx.xxx.xxx sa-src-address=202.xxx.xxx.xxx src-address=
192.168.3.0/24 tunnel=yes
add comment=“ipsec brightstars” disabled=yes dst-address=192.168.3.0/24
proposal=brightstarsipsec sa-dst-address=43.xxx.xxx.xxx sa-src-address=
202.xxx.xxx.xxx src-address=192.168.45.0/24 tunnel=yes
add comment=“ipsec ngala” disabled=yes dst-address=192.168.3.0/24 proposal=
ngalaipsec sa-dst-address=203.xxx.xxx.xxx sa-src-address=202.xxx.xxx.xxx
src-address=192.168.1.0/24 tunnel=yes

Did you resolve the problem? I’ve the same issue.