I have a Watchguard T20 on firmware 12.7.2 and a CCR1036-12G-4S on firmware 6.49. I have setup a BOVPN between the two sites using the how-to from Watchguard:https://www.watchguard.com/help/docs/he ... rebox.html
I have verified that the tunnel is up. From the Watchguard network, I can ping and browse the network of the other side. However, I am not able to get from the Mikrotik to the Watchguard network. I have spoken with Watchguard support and they have verified that the incoming ICMP packets are never getting to the Watchguard.
I have ruled out ISP issues. I have connected the same Watchguard to other Mikrotiks in the same manner and verified functionality. This leads me to believe the issue lies with the Mikrotik.
I have added in a filter rule to accept ipsec-esp and ipsec-ah as chain=input.
Not sure what I'm missing.