Site to Site IPsec (IKEv1) connects and establishes connection but does not ping between LAN

Hi, I followed this guide step by step religiously: https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-SitetoSiteIPsec(IKEv1)tunnel . The peer connects and the connection is established, but ping does not work from either LAN to the other. The NAT rules (src-nat etc.) were created, and I even created a static route for IPsec, but neither the ping nor the connection works. What can I do?

See the pic for more details

I’ve seen several similar problems here on the forum, I’ve tried them all, but without success.
Captura de tela de 2024-05-23 12-09-12.png
Captura de tela de 2024-05-23 12-08-45.png
Captura de tela de 2024-05-23 12-08-19.png
Captura de tela de 2024-05-23 12-07-51.png
Captura de tela de 2024-05-23 12-07-02.png
Captura de tela de 2024-05-23 12-06-22.png
Captura de tela de 2024-05-23 12-05-12.png

Are your peers active? Do you have the required IPsec policy enabled, and are your local subnets open for access in the firewall?

# Forward-chain accept rules that match traffic by IPsec policy direction
# (in = after decapsulation, out = about to be encapsulated). They belong
# under /ip firewall filter and only have an effect if they sit ahead of
# whatever rule would otherwise drop this traffic.
add action=accept chain=forward comment="accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" ipsec-policy=out,ipsec

If you need more detailed help, I suggest you upload a complete /export and paste the text between code blocks.

Try to ping between other systems on the networks, instead of using ping on the router itself.
When pinging from the router, be sure to specify the source address.

Yeah, and that too! :smiley:

Hi, these rules changed nothing at all; there is still no communication between the LANs.

see below the configuration

mk1

# may/23/2024 18:21:18 by RouterOS 7.6
# software id = ZJ3M-ESHW
#
# MK1 export as posted. Per /ip address below: ether1 = 192.168.15.155/24
# (same subnet as the IPsec peer), ether2 = 192.168.88.11/24 (presumably the
# LAN side). Review remarks are marked NOTE(review).
/disk
set sata1 name=primary-slave
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Phase 1 (IKE) parameters. The default profile is switched to sha256, but
# the profile the peer actually references (ike1-site2) sets no
# hash-algorithm and therefore keeps the RouterOS default.
# NOTE(review): consider setting hash-algorithm explicitly on ike1-site2.
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-128 \
    hash-algorithm=sha256
add dh-group=modp2048 enc-algorithm=aes-128 name=ike1-site2
# Remote IKE endpoint; 192.168.15.152 is MK2's ether1 address in the second
# export.
/ip ipsec peer
add address=192.168.15.152/32 name=ike1-site2 profile=ike1-site2
# Phase 2 (ESP) parameters; the policy below uses the named proposal, not the
# modified default one.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=\
    aes-256-gcm,aes-192-ctr,aes-128-gcm pfs-group=modp2048
add enc-algorithms=aes-128-cbc name=ike1-site2 pfs-group=modp2048
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.20-192.168.88.200
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
# NOTE(review): sha1 and md5 are listed for the OpenVPN server. No
# enabled=yes appears here, so the server is presumably off - confirm, and
# drop md5 if it is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.15.155/24 interface=ether1 network=192.168.15.0
add address=192.168.88.11/24 interface=ether2 network=192.168.88.0
# NOTE(review): the DHCP network entry names 192.168.88.1 as gateway, while
# this router is 192.168.88.11. If LAN hosts do not route via this router,
# replies to tunnelled traffic never reach it - verify on the hosts.
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set servers=8.8.8.8,208.67.222.222
# NOTE(review): these two accept rules are the only filter rules in the
# export. No drop rule is visible in the forward or input chain, so the
# rules restrict nothing and the router's own services are not filtered on
# ether1 - add an input/forward policy before using this outside a lab.
/ip firewall filter
add action=accept chain=forward comment="accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
    ipsec-policy=out,ipsec
# NAT bypass: 192.168.88.0/24 -> 192.168.1.0/24 is accepted in srcnat ahead
# of the masquerade rule, so that traffic keeps its original source address.
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.1.0/24 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat out-interface=ether1
# NOTE(review): no secret is shown. RouterOS 7 exports hide sensitive values
# unless show-sensitive is requested, so a pre-shared key is presumably set -
# confirm it is a strong, unique value and not the documentation example.
/ip ipsec identity
add peer=ike1-site2
# NOTE(review): the policy selects 10.1.202.0/24 -> 10.1.101.0/24, but no
# address in this export belongs to either network (presumably left over
# from the documentation example). The LAN here is 192.168.88.0/24 and the
# NAT bypass targets 192.168.1.0/24, so LAN-to-LAN packets match no policy:
# they are not encrypted and simply follow the default route with their
# private source address. src-address/dst-address need to be the real LAN
# subnets, mirrored on the peer.
/ip ipsec policy
add dst-address=10.1.101.0/24 peer=ike1-site2 proposal=ike1-site2 \
    src-address=10.1.202.0/24 tunnel=yes
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.15.1
# NOTE(review): SNMP is enabled and no /snmp community section is exported,
# so presumably the default community applies - confirm, then restrict it by
# source address or disable SNMP.
/snmp
set contact=VITOR enabled=yes location=MK1 trap-version=2
/system identity
set name=MK1
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes broadcast-addresses=192.168.88.255 enabled=yes
/system ntp client servers
add address=200.160.7.186
add address=201.49.148.135

mk2

# may/23/2024 18:21:12 by RouterOS 7.6
# software id = ZJ3M-ESHW
#
# MK2 export as posted. Per /ip address below: ether1 = 192.168.15.152/24
# (same subnet as the IPsec peer), ether2 = 192.168.1.11/24 (presumably the
# LAN side). Review remarks are marked NOTE(review).
/disk
set sata1 name=primary-slave
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Phase 1 (IKE) parameters for the peer; hash-algorithm is not set and so
# keeps the RouterOS default.
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-128 name=ike1-site1
# Remote IKE endpoint; 192.168.15.155 is MK1's ether1 address in the first
# export.
/ip ipsec peer
add address=192.168.15.155/32 name=ike1-site1 profile=ike1-site1
# Phase 2 (ESP) parameters referenced by the policy below.
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=ike1-site1 pfs-group=modp2048
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
# NOTE(review): sha1 and md5 are listed for the OpenVPN server. No
# enabled=yes appears here, so the server is presumably off - confirm, and
# drop md5 if it is ever enabled.
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.11/24 interface=ether2 network=192.168.1.0
add address=192.168.15.152/24 interface=ether1 network=192.168.15.0
# NOTE(review): these two accept rules are the only filter rules in the
# export. No drop rule is visible in the forward or input chain, so the
# rules restrict nothing and the router's own services are not filtered on
# ether1 - add an input/forward policy before using this outside a lab.
/ip firewall filter
add action=accept chain=forward comment="accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
    ipsec-policy=out,ipsec
# NAT bypass: 192.168.1.0/24 -> 192.168.88.0/24 is accepted in srcnat ahead
# of the masquerade rule, so that traffic keeps its original source address.
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.88.0/24 src-address=\
    192.168.1.0/24
add action=masquerade chain=srcnat out-interface=ether1
# NOTE(review): no secret is shown. RouterOS 7 exports hide sensitive values
# unless show-sensitive is requested, so a pre-shared key is presumably set -
# confirm it is a strong, unique value and not the documentation example.
/ip ipsec identity
add peer=ike1-site1
# NOTE(review): the policy selects 10.1.101.0/24 -> 10.1.202.0/24, but no
# address in this export belongs to either network (presumably left over
# from the documentation example). The LAN here is 192.168.1.0/24 and the
# NAT bypass targets 192.168.88.0/24, so LAN-to-LAN packets match no policy
# and are never encrypted. src-address/dst-address need to be the real LAN
# subnets, mirrored on the peer.
# NOTE(review): no /ip route section appears in this export. Policy matching
# presumably happens after the routing decision, so a route covering the
# remote subnet (a default route is enough) is likely still required - verify.
/ip ipsec policy
add dst-address=10.1.202.0/24 peer=ike1-site1 proposal=ike1-site1 \
    src-address=10.1.101.0/24 tunnel=yes
# NOTE(review): allow-none-crypto=yes lets SSH sessions negotiate no
# encryption at all, and forwarding-enabled=remote turns on SSH port
# forwarding. Neither is needed for the IPsec tunnel; with no input-chain
# filtering visible above, set allow-none-crypto=no and disable forwarding
# unless there is a specific need.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# NOTE(review): SNMP is enabled and no /snmp community section is exported,
# so presumably the default community applies - confirm, then restrict it by
# source address or disable SNMP.
/snmp
set contact=vitor enabled=yes location=mk2 trap-version=2
/system identity
set name=MK2
/system ntp client
set enabled=yes
# NOTE(review): the broadcast address 192.168.88.255 is not on any subnet
# configured on this router (192.168.1.0/24, 192.168.15.0/24) - presumably
# copied from MK1; confirm.
/system ntp server
set broadcast=yes broadcast-addresses=192.168.88.255 enabled=yes
/system ntp client servers
add address=200.160.7.186
add address=201.49.148.135

Did you try pinging like pe1chl suggested?

pe1chl?? what is this?

It’s not a thing, it’s a user (@pe1chl). :smiley: Check out his post just above regarding ping..