I just got a reply from the support about this where they told me that Cisco probably defaults to creating seperate SAs per subnet (which I thought was mandatory according to the IPsec standard), while Mikrotik defaults to sharing the same SA for multiple policies. So connecting two MTs works out-o...