Hello.
I have an IPSec tunnel between two sites that stopped working without making any changes to the configuration.
Apparently the negotiation is successful, but I cannot see any of the PCs from the 2 sides.
configuration:
[admin@MikroTik] /ip ipsec> export
# may/30/2015 17:58:53 by RouterOS 6.28
# software id = KM5B-PUJ6
#
/ip ipsec peer
add address=190.x.x.x/32 comment=rio enc-algorithm=\
des,aes-128,aes-192,aes-256 lifetime=5d secret=xxx
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=192.168.1.0/24 sa-dst-address=190.x.x.x sa-src-address=\
200.x.x.x src-address=192.168.2.0/24 tunnel=yes
[admin@MikroTik] /ip firewall nat> export
# may/30/2015 18:00:56 by RouterOS 6.28
# software id = KM5B-PUJ6
#
/ip firewall nat
add chain=srcnat dst-address=192.168.1.0/24 src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
other side:
[admin@MikroTik] /ip ipsec> export
# may/30/2015 18:02:12 by RouterOS 6.28
# software id = 9A6A-CZWZ
#
/ip ipsec peer
add address=200.x.x.x/32 comment=envigado dpd-maximum-failures=3 \
enc-algorithm=des,3des,aes-128,aes-192,aes-256 lifetime=1w3d secret=xxx
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=192.168.2.0/24 sa-dst-address=200.x.x.x sa-src-address=\
190.x.x.x src-address=192.168.1.0/24 tunnel=yes
ip firewall nat:
0 chain=srcnat action=accept src-address=192.168.1.0/24 dst-address=192.168.2.0/24 log=no log-prefix=""
Any idea of the reason the link stopped working?
Best regards,
Santiago.