We have just set up a site-to-site IPSec tunnel between a Mikrotik and a Sonicwall. The SAs are installed and the tunnel seems like it’s up. The far end says he can ping the Mikrotik, but nothing else on our LAN. We can’t ping the Sonicwall or anything else on his network.
I have created the srcnat rule in the 0 position in the NAT firewall according to the Mikrotik IPSec wiki, but from the counters I can see that nothing is hitting that rule. Do I need to add routes and firewall rules? Not sure if he needs to add NAT rules. I would assume yes, but I don’t know Sonicwall.
So I found my answer. Even though the policy permits traffic from the remote network, it is still processed by the firewall filter rules, so I had to create filter rules that permitted the traffic. Also, when using the Tik ping tool I had to remember to switch tabs to specify the address to ping from. By default my pings were being dropped because they were seen as if coming from my WAN IP. When I changed that to specify a source IP on the LAN included in the policy, it was able to connect.
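As an added example, not the poster's own configuration, here is what the fix described in the thread looks like on the RouterOS command line: the srcnat accept rule at position 0, the forward-chain filter rules in both directions, and a ping sourced from a LAN address that is covered by the policy. The addresses are placeholders assumed for illustration (192.168.1.0/24 as the LAN behind the Mikrotik with router address 192.168.1.1, 10.10.10.0/24 as the LAN behind the Sonicwall with address 10.10.10.1); substitute the exact subnets used in the IPsec policy.

```routeros
# Added example, not the poster's config. Placeholder addresses (assumed):
#   192.168.1.0/24 = local LAN behind the Mikrotik (router LAN IP 192.168.1.1)
#   10.10.10.0/24  = remote LAN behind the Sonicwall (Sonicwall LAN IP 10.10.10.1)
# Both subnets must match the src-address/dst-address of the IPsec policy exactly.

# 1. srcnat: keep the real LAN source address on traffic bound for the remote site.
#    Placed at position 0 so it is evaluated before any masquerade rule; otherwise
#    packets leave with the WAN IP as source, no longer match the policy, and are
#    sent unencrypted to the Internet instead of into the tunnel.
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=192.168.1.0/24 dst-address=10.10.10.0/24 \
    comment="IPsec: do not NAT traffic to remote site"

# 2. filter: the policy only decides what gets encrypted; decrypted and to-be-encrypted
#    packets still traverse the forward chain. Accept both directions, and restrict the
#    match to packets that actually went through an IPsec policy so cleartext packets
#    arriving on the WAN with a spoofed remote-LAN source are not let through.
/ip firewall filter add chain=forward action=accept place-before=0 \
    src-address=10.10.10.0/24 dst-address=192.168.1.0/24 ipsec-policy=in,ipsec \
    comment="IPsec: remote LAN -> local LAN"
/ip firewall filter add chain=forward action=accept place-before=0 \
    src-address=192.168.1.0/24 dst-address=10.10.10.0/24 ipsec-policy=out,ipsec \
    comment="IPsec: local LAN -> remote LAN"

# 3. Test from the router itself with a source address that lies inside the policy.
#    Without src-address the router picks its WAN IP, which the policy does not cover,
#    so the packet never enters the tunnel and the ping fails.
/ping 10.10.10.1 src-address=192.168.1.1 count=4

# 4. Confirm the new rules are actually being hit: the packet/byte counters of the
#    srcnat accept rule and the two forward rules should increment during the ping.
/ip firewall nat print stats
/ip firewall filter print stats
```

The symptom in the thread fits this split between chains: the far end could reach the Mikrotik itself (input chain) but not hosts behind it (forward chain), and the NAT counters stayed at zero because locally generated pings used the WAN address, which never matched the accept rule's src-address. The `ipsec-policy` matcher is a tightening a practitioner would normally add; a plain accept on the two subnets, as the poster describes, also works.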