Site to Site ipsec tunnel establishes a connection but traffic doesn't arrive at datacenter over tunnel.

Current Equipment at client site. LTE Router / Modem in passthough
manufacturer: MikroTik
model: R11e-LTE-US
current-operator: AT&T

Firewall
manufacturer: UBNT
model: UniFi Security Gateway 3P
Local Network: 192.168.58.0 / 24
Subnet at our Datacenter : 172.16.58.0 /24

Cisco ASA55xx-X Netgen firewalls in Active - Passive. Currently host more than 2 dozen ipsec vpns, including this clients when it was on a Verizon FIOS connection.

I've attached a lot more of my notes in a txt file to this post so that it doesn't blow out for screen after screen. At this point I feel like it's either something I've not setup correctly with the LTE connection and pass-through (although I do get traffic, firewall see's ip address on it's interface, and I can connect to firewall using L2TP) I've placed a spare Cisco 5520 for testing and recieved simular results. It might be something to do with LTE and maybe I need to call AT@T, but I'm not sure how to point in that direction or how to get this problem routed to the correct technical source.

As with a lot of this kind of gear. it's at a remote location for me to get at it. IE Fly to nearest airport and drive 2 hours. I can put more technical hands onsite, but I have to schedule that and if downtime is expected.. that needs to be considered. For the most part, the LTE / USG setup is working, Just no tunnel for the couple of services we need accessible.

My MikroTik setup for starters for the LTE looks like this..
/interface lte apn
set [ find default=yes ] apn=XXXXX.MCS passthrough-interface=ether1 \
passthrough-mac=74:83:C2:79:59:F5

Interface Info commnad output
/interface lte info lte1 once
pin-status: ok
registration-status: registered
functionality: full
manufacturer: MikroTik
model: R11e-LTE-US
revision: MPSS: R11eL_v16.02.183961 APSS: R11eL_v05.03.183961 CUSTAPP:
current-operator: AT&T
lac: 205
current-cellid: 166688024
enb-id: 651125
sector-id: 24
phy-cellid: 173
access-technology: Evolved 3G (LTE)
session-uptime: 9h14m28s
imei: 355509090174542
imsi: 310410283564344
uicc: 89014103272835643442
earfcn: 2000
rsrp: -100dBm
rsrq: -15dB

I've read a bunch of articles on this forum, UBNT's etc. and I'm not sure where to look to get the right command to sort this out.

AT&T IP that give you, is public or private?

Regards.

Static IP Address passed though to UBNT USB3 Firewall. Also tried passing though to Cisco ASA5520. Same results, tunnel comes up, but traffic doesn't arrive at Datacenter.

I attached more notes in txt file, but not sure if it's been approved by moderators yet.

I have a "portable camera system" that uses a similar link.

The camera system is a box with several cameras attached. There is a Netgear wireless modem in the box. This connects to a hAP AC2. The output of that goes to a switch to drive the cameras.

The Netgear is on ATT cellular and has carrier grade NAT.

The office has a typical dynamic PUBLIC IP.

The office has L2TP IPSec VPN set up on it. It is the server.
The hAP AC2 is the dialer.

Once the hAPAC2 calls in over L2TP... IPSec establishes. Then I needed routes on both routers and proper firewall rules.

Result... Type in the local IP of the camera at the office.. and the camera out at the site streams video.

Check your routes if you can actually get a connection.

It's not L2TP that I'm an trying to get to work. It's an ipsec site to site vpn between firewalls. I can get L2TP to work ok.

It's not L2TP that I'm an trying to get to work. It's an ipsec site to site vpn between firewalls. I can get L2TP to work ok.

I get that.

I am telling you about something that actually works.

Hoping you could maybe look at that and figure out what "might be helpful" for your issue.