Management has elected to replace our office RB450G with a Watchguard M200 for better control and threat management.
I need to connect 3 remote sites to the Watchguard.

Currently each remote site has a RB450G running L2TP back to the office, each location has a separate 192.168.x.x address block routed to a 172.16.0.x tunnel. This is functional and has worked very well.

With a test setup we are able to get a successful phase 1 & phase 2 negotiation from a test mikrotik to the watchguard but where unable to pass traffic. Based on documentation and previous posts it appears that a routed IPSec network is not possible, is this correct? I have also seen some examples with a 1:1 Nat

Has anyone successfully made this configuration work?

Thanks

Jerry

Late reply...
I successfully configure IPsec tunnels between WatchGuard and MikroTik, they all work (almost all on first try) and pass traffic.
You have to exclude IPsec traffic from NAT (ip > firewall > nat). Add a rule with action "accept".