Site to site VPN

Good day everyone! :)

I have a rather unusual problem with one of my VPN setups. I am not sure if I should post this here, so forgive me if this is the wrong thread or if this question has been answered before.

So I have two routers connected together via a site-to-site IPsec VPN. Let's say the main router is router_1 and the client is router_2. So when I try to reach the client router (router_2) I can't, even ping times out. BUT when I ping back the main router (router_1) from the client (router_2), data is flowing through BOTH of them. This means that after pinging the main router (router_1) from the client (router_2), I can ping back router_2 from router_1, for a while. Traffic is flowing as well.

Please, it's driving me crazy, everything seems to be set up perfectly, if anyone can help I would be hugely thankful.

This is not so unusual, and it typically happens when both routers are directly on public IPs, or when the IPsec nat-traversal extension is disabled for the peer, and incoming “connections” are not permitted for the ESP protocol (which carries the encrypted payload) at the end from which the ping does work. It may be a firewall on that device itself (chain input of /ip firewall filter), but also a firewall between that device and the internet. If this is not sufficient, post the configuration from both devices; see my automatic signature right below for anonymisation hints.

In addition to the above, I see this frequently when one side has PFS enabled and the other doesn’t.
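As an added illustration of the two replies above (not configuration posted by anyone in this thread), here is what checking and fixing the input-chain firewall on a RouterOS router looks like, plus the one-line check for the PFS mismatch; the peer address 203.0.113.2 and the assumption that the input chain contains exactly one catch-all drop rule are mine.

```routeros
# Added example, not from the thread. The one-way ping symptom appears when the
# input chain of one router drops raw ESP (IP protocol 50): that side can only
# receive tunnel traffic after it initiated (its own outbound packets open the
# state / the peer's NAT-T fallback). Both routers need the accept rules.
# Peer address 203.0.113.2 is a placeholder (TEST-NET-3), not from the thread.

# --- Symptom check: is the input chain eating ESP? ---------------------------
# If the packet/byte counters on the final drop rule climb while the ping from
# the other side fails, that drop rule is the culprit.
/ip firewall filter print stats where chain=input

# --- Weak state (typical): IKE ports are open but ESP itself is not ----------
# /ip firewall filter add chain=input protocol=udp dst-port=500,4500 action=accept
# /ip firewall filter add chain=input action=drop
# With both peers on public IPs and NAT-T not negotiated, the encrypted payload
# arrives as plain ESP, matches nothing above the drop rule and is discarded.

# --- Corrected rules: accept ESP and IKE/NAT-T from the peer, ahead of the drop
# place-before assumes the input chain holds exactly one action=drop rule.
/ip firewall filter add chain=input protocol=ipsec-esp src-address=203.0.113.2 \
    action=accept comment="allow ESP from VPN peer" \
    place-before=[find chain=input action=drop]
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 \
    src-address=203.0.113.2 action=accept \
    comment="allow IKE and NAT-T from VPN peer" \
    place-before=[find chain=input action=drop]

# --- Verify the tunnel rather than just pinging ------------------------------
# A working tunnel shows phase-2 SAs in BOTH directions whose byte counters grow
# no matter which side starts the ping.
/ip ipsec installed-sa print
# IKE state per peer (established or stuck in negotiation).
/ip ipsec active-peers print

# --- The other common cause from the last reply: PFS mismatch ----------------
# pfs-group must be identical on both routers (e.g. both modp2048 or both none);
# a mismatch lets phase 1 succeed while phase 2 keeps failing or re-keying.
/ip ipsec proposal print
```

Apply the accept rules on both routers, then re-run the `print stats` and `installed-sa` checks from the side that previously could not initiate.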