Hi everyone,
I'm having difficulty getting site to site IPsec to work properly with a Mikrotik device.
Both LANs use the same class 192.168.99.0/24 and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNIPsecConnectionPBVPNNATSameSubnets/index.html

The tunnel is established correctly, but if I try to ping a remote host (e.g. 10.10.99.1) from the Sophos LAN, I get timeouts.
However, if I try to ping a host behind the Sophos from the Mikrotik, I get a response, and at that point the ping from the host behind the Sophos to the remote LAN also starts to work.
In the IPsec configuration I enabled the NAT option.
Thanks to anyone who can help me.
Hi Andrea C,
Thank you for reaching out to the community. Are you trying to ping with the LAN IP or the NATed IP?
Thanks & Regards,
Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
Hi,
Thank you for the support.
With the IP source of the LAN I have a negative outcome; I will try with the IP address of the virtual subnet.
Stay tuned.
Hi,
I solved the problem by allowing the ESP protocol into the input chain on the Mikrotik router.
However, I have a question: why do I not get a response from the console if I do a ping with the Sophos LAN address as the source?
Pinging from a host behind the Sophos works.
Thank you.