I have a Watchguard T20 on firmware 12.7.2 and a CCR1036-12G-4S on firmware 6.49. I have setup a BOVPN between the two sites using the how-to from Watchguard:https://www.watchguard.com/help/docs/he ... rebox.html

I have verified that the tunnel is up. From the Watchguard network, I can ping and browse the network of the other side. However, I am not able to get from the Mikrotik to the Watchguard network. I have spoken with Watchguard support and they have verified that the incoming ICMP packets are never getting to the Watchguard.

I have ruled out ISP issues. I have connected the same Watchguard to other Mikrotiks in the same manner and verified functionality. This leads me to believe the issue lies with the Mikrotik.

I have added in a filter rule to accept ipsec-esp and ipsec-ah as chain=input.

Not sure what I'm missing.

I have used WatchGuard BOVPN with MikroTik successfully but used VLAN tagging for the networks.

Have you put in the routing rules on the MikroTik so that any traffic to the VPN IPs is being sent over the correct connection? Also, on the WatchGuard end, have you put in the rules to allow traffic from the VPN to access the local (WatchGuard end) network?

Yes, I have rules at both ends. I have duplicated this exact setup at 2 other sites and was able to get it working successfully. I just think something may be blocking the connection from the Mikrotik end.

Since you've got it working at other sites my first thought would be to check the order of rules on the problem site. Do you have exactly the same rules on all sites? The other thing to check is if there is a firmware update for your MikroTik. If you would like me to take a look at your rules please export and attach them.