VPN, Site to Site Tunneling, Vlan, Secondary IP

Given that you bothered to hide the WAN addresses of both peers (Mikrotik and Meraki) on the screenshots, I figure they are both public. Therefore, the Phase 2 SA uses bare ESP, but your firewall filter rules (at least the ones that did fit into the screenshot) do not accept incoming ESP. So if the connection is initiated from the Meraki side after a long pause, the ESP packet sent by Meraki is not accepted by Mikrotik.

You also seem to be a bit lost in how the firewall configuration works, as you explicitly accept the IPsec-related traffic in the output chain, but there is no drop rule in that chain, so the rest of output traffic is accepted implicitly.

Instead of posting a ton of screenshots, use /export hide-sensitive file=somenicename on the command line, then download the file somenicename.rsc, remove the serial number and replace usernames for various services by xxxxx; for public IP addresses, replace their first three bytes systematically by distinct a.b.c patterns in such a way that the relationship between addresses and subnets remains unchanged, and post the redacted version between [code] and [/code] tags.

Please explain what you mean by Secondary address. Your description is hard to understand overall, could it be that you use some translator that blurs the idea? If so, can you reveal your native language?
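
The redaction steps requested in the post above, as an added example that is not part of the original post: a Python helper that strips the serial number, masks user names, and renames the first three bytes of each public IPv4 address consistently, so hosts that shared a prefix still share one. The `# serial number = ` header line, the `user=` parameter name, the `redact_export` function and the sample export are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges that identify nobody and are left readable (private, loopback, multicast...).
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
IPV4 = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}(\d{1,3})(?![\w.])")
SERIAL = re.compile(r"^# serial number = .*\n?", re.M)  # assumed header line
USER = re.compile(r'\buser=("[^"]*"|\S+)')              # assumed parameter name
LETTERS = "abcdefghijklmnopqrstuvwx"                    # 8 placeholder prefixes

def redact_export(text):
    """Drop the serial number, mask user names, rename public /24 prefixes."""
    text = USER.sub("user=xxxxx", SERIAL.sub("", text))
    prefixes = {}  # real first three octets -> placeholder, reused on every hit
    def swap(m):
        try:
            addr = ipaddress.IPv4Address(m.group(0))
        except ValueError:
            return m.group(0)              # not an address (e.g. 999.1.1.1)
        if any(addr in net for net in KEEP):
            return m.group(0)
        key = m.group(0).rsplit(".", 1)[0]
        if key not in prefixes:
            n = 3 * len(prefixes)
            if n >= len(LETTERS):
                raise ValueError("more public prefixes than placeholders")
            prefixes[key] = ".".join(LETTERS[n:n + 3])
        return f"{prefixes[key]}.{m.group(1)}"  # host byte and any /mask survive
    return IPV4.sub(swap, text)

# Constructed sample export, not taken from the thread.
SAMPLE = """\
# serial number = ABCD1234EFGH
/ip address
add address=203.0.113.10/29 interface=ether1
add address=192.168.88.1/24 interface=bridge
/ip ipsec peer
add address=198.51.100.7/32 name=meraki
/ip route
add gateway=203.0.113.9
/tool e-mail
set user=alice
"""
if __name__ == "__main__":
    print(redact_export(SAMPLE))
```

The output still needs a read-through before posting, since secrets can sit in parameters this sketch does not know about.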