danielars9

Can't ping or access Mikrotik IP LAN after configuration IPSEC Policy

Thu Feb 15, 2024 5:21 pm

We use MikroTik for an IPsec VPN. After configuring IPsec, specifically the IPsec policy, the LAN IP (gateway) stops responding to pings, and it is no longer possible to access it via Winbox. See the screenshots for a better understanding.
I attached the screenshots.

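# RouterOS export as posted, with review findings added as comments.
# The only configuration changes are the action=none IPsec policy (the cause of
# the reported symptom) and tcp/8291 in the "Rd Sup" input rule; everything
# else is the author's configuration, left as exported.
/interface bridge
add name=Bridge-NetLAN
/interface list
add name=seg-interfaces
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
# Algorithm values were redacted by the poster (XXX/YYY/ZZZ); kept as posted.
add dh-group=XXX enc-algorithm=YYY hash-algorithm=ZZZ lifetime=8h \
name=Phase1 nat-traversal=no
/ip ipsec peer
add address=46.244.146.52/32 local-address=192.124.249.252 name=EMA-SD \
profile=Phase1
/ip ipsec proposal
add auth-algorithms=xxx enc-algorithms=YYY lifetime=1h name=Phase2
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=yes interface=Bridge-NetLAN \
lease-time=2d name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=Bridge-NetLAN interface="ether2 - Net-LAN"
add bridge=Bridge-NetLAN interface=ether3
add bridge=Bridge-NetLAN interface=ether4
add bridge=Bridge-NetLAN interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=seg-interfaces
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=1024
/interface list member
add interface=Bridge-NetLAN list=seg-interfaces
/ip address
# 10.12.48.1 is the LAN gateway address; note that it lies inside 10.0.0.0/8,
# which matters for the IPsec policy further down.
add address=10.12.48.1/24 interface=Bridge-NetLAN network=10.12.48.0
add address=192.124.249.252/24 interface="ether1 - Link-Internet" network=\
192.124.249.0
/ip dhcp-server network
add address=10.12.48.0/24 gateway=10.12.48.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.12.48.0/24 list=RD-SUP
/ip firewall filter
add action=accept chain=input comment="ESTABLISHED e RELATED" \
connection-state=established,related
# NOTE(review): the next two rules accept IKE (udp/500) and ESP from any
# source. The "VPN" input rule below already accepts all traffic from the single
# peer 46.244.146.52, so these could carry src-address=46.244.146.52 as well
# without affecting the tunnel (nat-traversal=no, so udp/4500 is not needed).
# Kept as posted.
add action=accept chain=input comment="IPSec Protocol" protocol=\
ipsec-esp
add action=accept chain=input dst-port=500 protocol=udp
# FIX: Winbox (tcp/8291) was not accepted anywhere in the input chain, so
# management from the LAN fell through to the final "Drop All" rule even once
# the IPsec policy issue is fixed. 8291 is added here for the RD-SUP list
# (10.12.48.0/24). This assumes Winbox connects by IP address; connections by
# MAC address do not traverse the IP firewall.
add action=accept chain=input comment="Rd Sup" dst-port=\
8080,8291,9182 protocol=tcp src-address-list=RD-SUP
add action=accept chain=input dst-port=161,162,20561 protocol=udp \
src-address-list=RD-SUP
add action=accept chain=input protocol=icmp src-address-list=RD-SUP
# This rule already permits ping from the LAN to 10.12.48.1, so the firewall
# is not what stopped the gateway from answering; see the IPsec policy below.
add action=accept chain=input comment="ICMP Net LAN" dst-address=\
10.12.48.1 in-interface=Bridge-NetLAN protocol=icmp src-address=\
10.12.48.0/24
add action=accept chain=input comment="VPN" dst-address=\
192.124.249.252 src-address=46.244.146.52
add action=accept chain=output dst-address=46.244.146.52 src-address=\
192.124.249.252
# NOTE(review): the forward chain has no terminating drop, so anything not
# matched by the two accept rules below is still forwarded by the default
# action. Whether that is intended cannot be determined from this export.
add action=accept chain=forward comment="IPSec" dst-address=\
10.0.0.0/8 src-address=10.12.48.0/24
add action=accept chain=forward dst-address=10.12.48.0/24 src-address=\
10.0.0.0/8
add action=accept chain=input comment="ICMP" limit=50,5:packet \
protocol=icmp
# NOTE(review): the output-chain accept rules below have no effect as long as
# the output chain contains no drop rule; they are kept as posted.
add action=accept chain=output log=yes protocol=icmp
add action=accept chain=output comment="Mikrotik"
add action=accept chain=output comment=" - " dst-port=80 \
protocol=tcp src-address=192.124.249.252
add action=accept chain=output dst-port=443 protocol=tcp src-address=\
192.124.249.252
add action=accept chain=output dst-port=123 protocol=udp src-address=\
192.124.249.252
# Terminating input rule: anything not explicitly accepted above is dropped.
add action=drop chain=input comment="Drop All"
/ip firewall nat
# Disabled as posted; if enabled it would expose RDP on 10.12.48.3 via ether5.
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
ether5 protocol=tcp to-addresses=10.12.48.3
# The srcnat accept for tunnel traffic must stay above the masquerade rule so
# VPN traffic keeps its LAN source address and matches the IPsec policy.
add action=accept chain=srcnat comment="VPN" \
dst-address=10.0.0.0/8 src-address=10.12.48.0/24
add action=masquerade chain=srcnat comment="\" Masquerade\"" \
out-interface="ether1 - Link-Internet"
/ip ipsec identity
add peer=EMA-SD
/ip ipsec policy
# FIX (cause of the reported symptom): the tunnel policy below matches
# src 10.12.48.0/24 -> dst 10.0.0.0/8, and the router's own LAN address
# 10.12.48.1 (and every LAN host) lies inside 10.0.0.0/8. Replies from
# 10.12.48.1 to LAN hosts therefore matched the policy and were handed to
# IPsec instead of being sent out on the bridge, so the gateway stopped
# answering pings and Winbox as soon as the policy was added.
# Policies are evaluated top-down; this action=none entry exempts LAN-local
# (router<->LAN and LAN<->LAN) traffic before the tunnel policy is reached.
add action=none comment="bypass IPsec for LAN-local traffic" \
dst-address=10.12.48.0/24 src-address=10.12.48.0/24
add dst-address=10.0.0.0/8 peer=EMA-SD proposal=Phase2 src-address=\
10.12.48.0/24 tunnel=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.124.249.126 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10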
