Recently we had an issue with an IPsec tunnel on MikroTik passing multiple subnets across a tunnel with multiple policies. The problem is that packet forwarding and encryption only work for one destination (the first matched IPsec policy), and the other subnet, which has the second policy, did not work. In our case, we had two subnets, 192.168.115.0/24 and 192.168.116.0/24, going across the tunnel. We could reach things on 116, but not 115. The following blog post was the fix for our issue.
Once the level was set to “unique”, everything was good.
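
As an added example (not taken from the original post or the linked fix), this is how the change could be applied and checked from the RouterOS CLI for the two subnets above. It assumes each policy is selected by its dst-address and that both were previously at the default level=require.

```routeros
# Added example: assumes the two policies are identified by the
# destination subnets named in the post.

# Before (assumed): both policies use the default level=require,
# so they do not each request an SA of their own.
/ip ipsec policy print detail where dst-address=192.168.115.0/24
/ip ipsec policy print detail where dst-address=192.168.116.0/24

# Fix: level=unique makes each policy acquire an SA that is used
# only by that policy.
/ip ipsec policy set [find where dst-address=192.168.115.0/24] level=unique
/ip ipsec policy set [find where dst-address=192.168.116.0/24] level=unique

# Optional: flush installed SAs so both policies renegotiate.
# This interrupts traffic on the tunnel until the SAs are re-established.
/ip ipsec installed-sa flush

# Check: both policies should show level=unique, and the installed SA
# list should now contain SAs for each of the two policies.
/ip ipsec policy print detail
/ip ipsec installed-sa print
```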