Помогите решить проблему с ipsec

Тема в разделе "Маршрутизация", создана пользователем sapanovskiy, 25 фев 2021.

  1. sapanovskiy


    Добрый день, форумчане!!! Помогите разобраться вот с такой ситуацией (имеются 2 офиса с одинаковой ip-адресацией, настроен ipsec и вроде бы как работает, но не пингуется ip второго офиса, и пакетики не бегают). Подскажите, в чём может быть проблема, куда копать? Скриншоты прилагаются. Складывается ощущение, что с маршрутизацией что-то не так.


    # RouterOS configuration export as pasted by the poster (RB4011, two ISPs, one site-to-site IPsec peer).
    # Reflowed to one command per line for readability; the commands themselves are unchanged.
    # NOTE(review): no secrets appear (IPsec identity secret, PPP password, CAPsMAN passphrase) — presumably
    # the export was taken without show-sensitive; confirm before assuming they are unset.
    /caps-man channel
    add band=2ghz-onlyn control-channel-width=20mhz frequency=2462,2437,2412 name=channel2 reselect-interval=1d tx-power=15
    add band=5ghz-onlyac control-channel-width=20mhz frequency=5180,5220,5745,5785,5300,5680 name=channel5 tx-power=17
    /interface bridge
    add name=bridge-br1 protocol-mode=none
    # Port naming: ether2-5 and ether7-10 become lan1-lan8, ether1 is wan1 (PPPoE uplink), ether6 is wan2 (second ISP).
    /interface ethernet
    set [ find default-name=ether2 ] name=lan1
    set [ find default-name=ether3 ] name=lan2
    set [ find default-name=ether4 ] name=lan3
    set [ find default-name=ether5 ] name=lan4
    set [ find default-name=ether7 ] name=lan5
    set [ find default-name=ether8 ] name=lan6
    set [ find default-name=ether9 ] name=lan7
    set [ find default-name=ether10 ] name=lan8
    set [ find default-name=sfp-sfpplus1 ] disabled=yes
    set [ find default-name=ether1 ] name=wan1
    set [ find default-name=ether6 ] name=wan2
    # The PPPoE session on wan1 installs the default route (add-default-route=yes; see /ip route).
    # NOTE(review): IP traffic from this ISP is seen on the pppoe interface "Beltelecom", not on the physical
    # wan1, so the firewall rules further down that match in-interface=wan1 probably never see ISP packets —
    # verify with the rule counters in /ip firewall filter before relying on them.
    /interface pppoe-client
    add add-default-route=yes disabled=no interface=wan1 name=Beltelecom service-name=Beltelecom use-peer-dns=yes user=\
        1234567890@beltel.by
    /caps-man datapath
    add bridge=bridge-br1 client-to-client-forwarding=yes local-forwarding=yes name=datapath1
    /caps-man rates
    add basic=48Mbps,54Mbps name=rate1
    /caps-man security
    add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=security1
    # NOTE(review): in cfg2 the "security=" key appears to have been lost in the paste before the line
    # continuation (cfg5 below has it); on the router the line is presumably "security=\ security1".
    /caps-man configuration
    add channel=channel2 country="united states" datapath=datapath1 distance=indoors mode=ap name=cfg2 rates=rate1 rx-chains=0,1,2,3 \
        security1 ssid=Clever tx-chains=0,1,2,3
    add channel=channel5 country="united states" datapath=datapath1 distance=indoors mode=ap name=cfg5 rx-chains=0,1,2,3 security=\
        security1 ssid=Clever5 tx-chains=0,1,2,3
    /interface ethernet switch port
    set 0 default-vlan-id=0
    set 1 default-vlan-id=0
    set 2 default-vlan-id=0
    set 3 default-vlan-id=0
    set 4 default-vlan-id=0
    set 5 default-vlan-id=0
    set 6 default-vlan-id=0
    set 7 default-vlan-id=0
    set 8 default-vlan-id=0
    set 9 default-vlan-id=0
    set 10 default-vlan-id=0
    set 11 default-vlan-id=0
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip ipsec policy group
    add name=policy_group
    # Phase 1 profile. NOTE(review): dh-group=modp1024 is below current recommendations; prefer modp2048 or
    # an ECP group, and consider a pfs-group on the proposal. Both ends must be changed together.
    /ip ipsec profile
    add dh-group=modp1024 enc-algorithm=aes-256 name=ABB-profile nat-traversal=no
    # Site-to-site peer (addresses look sanitized). local-address=1.1.1.1 is not in /ip address below, so it is
    # presumably the PPPoE-assigned address of "Beltelecom" — confirm.
    /ip ipsec peer
    add address=2.2.2.2/32 local-address=1.1.1.1 name=ABB-peers profile=ABB-profile
    # Phase 2: AES-256-CBC, no PFS; auth-algorithms is not shown, so the RouterOS default applies.
    /ip ipsec proposal
    add enc-algorithms=aes-256-cbc lifetime=1h name=ABB-proposal pfs-group=none
    /ip pool
    add name=dhcp ranges=192.168.0.30-192.168.0.252
    add name=vpn_pool ranges=192.168.112.1-192.168.112.10
    /ip dhcp-server
    add address-pool=dhcp disabled=no interface=bridge-br1 lease-time=3d name=dhcp
    # PPP-layer encryption is off (use-encryption=no); the l2tp-server below is set use-ipsec=yes.
    /ppp profile
    add change-tcp-mss=yes local-address=vpn_pool name=l2tp_profile remote-address=vpn_pool use-encryption=no
    /queue simple
    add burst-threshold=30M/30M burst-time=30s/30s limit-at=40M/40M max-limit=50M/50M name=ovpn priority=1/1 target=192.168.0.129/32
    add dst=Beltelecom max-limit=200M/200M name=queue-limit queue=pcq-upload-default/pcq-download-default target=192.168.0.0/24
    /user group
    set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
    /caps-man access-list
    add action=accept allow-signal-out-of-range=10s disabled=no interface=all signal-range=-79..120 ssid-regexp=""
    add action=reject allow-signal-out-of-range=10s disabled=no interface=all signal-range=-120..-80 ssid-regexp=""
    /caps-man manager
    set enabled=yes
    # Both provisioning rules are disabled=yes, so no CAP is provisioned by this export.
    /caps-man provisioning
    add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac,an master-configuration=cfg5 name-format=identity
    add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn master-configuration=cfg2
    /interface bridge port
    add bridge=bridge-br1 interface=lan1
    add bridge=bridge-br1 interface=lan2
    add bridge=bridge-br1 interface=lan3
    add bridge=bridge-br1 interface=lan4
    add bridge=bridge-br1 interface=lan5
    add bridge=bridge-br1 interface=lan6
    add bridge=bridge-br1 interface=lan7
    add bridge=bridge-br1 interface=lan8
    /ip neighbor discovery-settings
    set discover-interface-list=!dynamic
    /interface l2tp-server server
    set authentication=mschap2 caller-id-type=number default-profile=l2tp_profile enabled=yes use-ipsec=yes
    # wan2 carries a public /20 directly; note that no firewall rule below references wan2 at all.
    /ip address
    add address=192.168.0.1/24 interface=bridge-br1 network=192.168.0.0
    add address=3.3.3.3/20 interface=wan2 network=3.3.3.0
    # Static leases elided by the poster.
    /ip dhcp-server lease
    ....
    /ip dhcp-server network
    add address=192.168.0.0/24 dns-server=192.168.0.1,8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24
    # NOTE(review): allow-remote-requests=yes makes the router answer DNS for any source that reaches it. The
    # input chain below drops nothing on wan2 (and probably nothing on the PPPoE interface), so this is an open
    # resolver from the Internet — restrict udp/tcp 53 in the input chain to bridge-br1 / 192.168.0.0/24.
    /ip dns
    set allow-remote-requests=yes cache-size=8128KiB servers=8.8.8.8,8.8.4.4
    # Input: accept established/related; accept IKE, NAT-T and L2TP (udp 500,4500,1701) and ESP from wan1; drop
    # the rest from wan1. Forward: accept IPsec-matched traffic from wan1, established/related; drop the rest
    # from wan1. NOTE(review): every interface match is on wan1 — see the pppoe-client note; nothing filters wan2
    # or "Beltelecom". Both connection-state=invalid drops are disabled=yes. The empty connection-state=""
    # matcher on the two forward accepts appears to be equivalent to omitting it (matches any state) — confirm.
    /ip firewall filter
    add action=accept chain=input connection-state=established,related
    add action=accept chain=input dst-port=1701,500,4500 in-interface=wan1 protocol=udp
    add action=accept chain=input in-interface=wan1 protocol=ipsec-esp
    add action=drop chain=input connection-state=invalid disabled=yes
    add action=accept chain=forward connection-state="" in-interface=wan1 ipsec-policy=out,ipsec
    add action=accept chain=forward connection-state="" in-interface=wan1 ipsec-policy=in,ipsec
    add action=accept chain=forward connection-state=established,related
    add action=drop chain=forward connection-state=invalid disabled=yes
    add action=drop chain=input in-interface=wan1
    add action=drop chain=forward in-interface=wan1
    # Overlapping LANs (192.168.0.0/24 at both sites): local hosts are netmapped to 10.58.6.0/24 when talking to
    # the remote site's translated range 192.168.177.0/24, and inbound traffic to 10.58.6.0/24 is netmapped back
    # to 192.168.0.0/24. From this office the remote hosts must therefore be addressed as 192.168.177.x, not
    # 192.168.0.x, and the remote router presumably performs the mirror-image mapping — confirm on that side.
    # The first rule ("ipsec action") matches src-address=10.58.6.0/24, which no local host has before the netmap
    # runs, so it appears to never match. NOTE(review): the two "redirect dst-port=53" rules carry no
    # in-interface/src-address restriction (see the /ip dns note). The srcnat chain also holds duplicate
    # masquerade rules (src-address=192.168.0.0/24 twice, then an unconditional catch-all); masquerade is a
    # terminating action, so only the first matching one ever fires and the later ones are dead.
    /ip firewall nat
    add action=accept chain=srcnat comment="ipsec action" dst-address=192.168.177.0/24 src-address=10.58.6.0/24
    add action=netmap chain=srcnat comment=1 dst-address=192.168.177.0/24 src-address=192.168.0.0/24 to-addresses=10.58.6.0/24
    add action=netmap chain=dstnat comment=2 dst-address=10.58.6.0/24 src-address=192.168.177.0/24 to-addresses=192.168.0.0/24
    add action=redirect chain=dstnat dst-port=53 protocol=udp
    add action=redirect chain=dstnat dst-port=53 protocol=tcp
    add action=netmap chain=dstnat dst-address=1.1.1.1 dst-port=13555 protocol=udp to-addresses=192.168.0.129 to-ports=13555
    add action=netmap chain=dstnat dst-address=1.1.1.1 dst-port=21 protocol=udp to-addresses=192.168.0.21 to-ports=21
    add action=netmap chain=dstnat dst-address=1.1.1.1 dst-port=21 protocol=tcp to-addresses=192.168.0.21 to-ports=21
    add action=netmap chain=dstnat dst-address=1.1.1.1 dst-port=1190 protocol=tcp to-addresses=192.168.0.1 to-ports=1190
    add action=netmap chain=dstnat dst-address=1.1.1.1 dst-port=3000 protocol=tcp to-addresses=192.168.0.39 to-ports=3000
    add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=9090 protocol=tcp to-addresses=192.168.0.101 to-ports=80
    add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=50001-60000 protocol=udp to-addresses=192.168.0.174 to-ports=\
        50001-60000
    add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=8070 protocol=tcp to-addresses=192.168.0.150 to-ports=80
    add action=dst-nat chain=dstnat dst-address=1.1.1.1 dst-port=8081 protocol=tcp to-addresses=192.168.0.137 to-ports=8080
    add action=masquerade chain=srcnat comment=ipsec ipsec-policy=out,none
    add action=masquerade chain=srcnat out-interface=wan1
    add action=masquerade chain=srcnat src-address=192.168.0.0/24
    add action=masquerade chain=srcnat dst-address=192.168.0.101 dst-port=80 protocol=tcp src-address=192.168.0.0/24
    add action=masquerade chain=srcnat dst-address=192.168.0.42 dst-port=3000 protocol=tcp src-address=192.168.0.0/24
    add action=masquerade chain=srcnat dst-address=192.168.0.101 dst-port=80-500 protocol=tcp src-address=192.168.0.0/24
    add action=masquerade chain=srcnat src-address=192.168.0.0/24
    add action=masquerade chain=srcnat
    # Tunnel-mode policy whose selectors are the translated ranges: 10.58.6.0/24 (this site after netmap) <->
    # 192.168.177.0/24 (remote). When debugging the "no ping" symptom, check /ip ipsec active-peers and the byte
    # counters in /ip ipsec installed-sa to see whether the SA is established and whether it carries traffic.
    /ip ipsec identity
    add peer=ABB-peers
    /ip ipsec policy
    add dst-address=192.168.177.0/24 level=unique peer=ABB-peers proposal=ABB-proposal sa-dst-address=2.2.2.2 sa-src-address=\
        1.1.1.1 src-address=10.58.6.0/24 tunnel=yes
    # Only the PPPoE default route is active; ISP1/ISP2/Google are disabled=yes. 192.168.177.0/24 has no explicit
    # route and follows the default route, which should be sufficient for a policy-based tunnel.
    /ip route
    add distance=1 gateway=Beltelecom
    add check-gateway=ping comment=ISP1 disabled=yes distance=1 gateway=1.1.1.1
    add check-gateway=ping comment=ISP2 disabled=yes distance=2 gateway=3.3.3.3
    add comment=Google disabled=yes distance=1 dst-address=8.8.4.4/32 gateway=1.1.1.1
    # telnet/ftp/www/api/api-ssl are off; ssh and winbox are not shown as disabled and no address= restriction is
    # shown, so they are reachable wherever the input chain does not drop (see the firewall note).
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /ip traffic-flow
    set cache-entries=16k enabled=yes
    /ip traffic-flow target
    add dst-address=192.168.0.42
    # Password not shown (see the note on secrets at the top).
    /ppp secret
    add name=vpn_user profile=l2tp_profile service=l2tp
    # SNMP is enabled; the community is not shown. It is reachable on the same unfiltered interfaces as above.
    /snmp
    set enabled=yes trap-version=3
    /system clock
    set time-zone-name=Europe/Minsk
    /system identity
    set name=MikroTik_RB4011
     
