Good morning,
I am setting up an IPsec tunnel between these devices:
Mikrotik CCR2116-12G-4S
Firmware v7.14
Behind a NAT
/ip ipsec profile
add dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256 lifetime=\
8h name=ph1
/ip ipsec peer
add address=xxxxx.sn.mynetname.net name=secure01 port=1501 profile=ph1
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm name=\
ph2
/ip ipsec identity
add peer=hap01
/ip ipsec policy
add dst-address=172.16.169.0/29 peer=hap01 proposal=ph2 src-address=\
10.1.0.0/24 tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=172.16.16.0/29 src-address=\
10.1.0.0/24
Mikrotik hAP ax LTE6
Firmware v7.14.3
Through LTE connection (NAT needed)
/ip ipsec profile
set [ find default=yes ] nat-traversal=no
add dh-group=modp1024 dpd-interval=30s enc-algorithm=aes-256 lifetime=8h name=\
ph1 nat-traversal=no
/ip ipsec peer
add address=[public ip] name=ndm port=1501 profile=ph1
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm name=ph2
/ip ipsec identity
add peer=ndm
/ip ipsec policy
add dst-address=10.1.0.0/24 peer=ndm proposal=ph2 src-address=172.16.16.0/29 \
tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=10.1.0.0/24 src-address=\
172.16.16.0/29
IPSEC TUNNEL ESTABLISHED
PH2 STATE ESTABLISHED
SENT TRAFFIC ON BOTH DEVICES OK.
NO TRAFFIC RECEIVED ON ANY DEVICE.
LTE TRAFFIC IS CORRECT, NO PING LOST.
PS: I have shown that DPD enabled on both devices sometimes produces constant rekeys and an unstable connection on the IPsec tunnel.
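Added example, not part of the original post: a Python check that parses the peer, identity, policy and NAT lines of the two exports as posted and reports peer names that are referenced but not defined, NAT bypass rules that match no policy, and policy selectors with no mirror on the other side. It assumes static policies on both routers; `parse_export` and `check_pair` are names made up for this example.

```python
import re
# Constructed input: peer/identity/policy/NAT lines copied from the post above.
CCR = r"""
/ip ipsec peer
add address=xxxxx.sn.mynetname.net name=secure01 port=1501 profile=ph1
/ip ipsec identity
add peer=hap01
/ip ipsec policy
add dst-address=172.16.169.0/29 peer=hap01 proposal=ph2 src-address=\
10.1.0.0/24 tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=172.16.16.0/29 src-address=10.1.0.0/24
"""
HAP = r"""
/ip ipsec peer
add address=[public ip] name=ndm port=1501 profile=ph1
/ip ipsec identity
add peer=ndm
/ip ipsec policy
add dst-address=10.1.0.0/24 peer=ndm proposal=ph2 src-address=172.16.16.0/29 tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=10.1.0.0/24 src-address=172.16.16.0/29
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    menus, menu = {}, None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join '\' continuations
        if line.startswith("/"):
            menu = line.strip()
        elif line.startswith("add "):
            kv = dict(re.findall(r"([\w-]+)=(\[[^\]]*\]|\S+)", line))
            menus.setdefault(menu, []).append(kv)
    return menus

def check_pair(a, b):
    """Findings for side a against side b (assumes static policies on both)."""
    out, pol = [], a.get("/ip ipsec policy", [])
    peers = {p["name"] for p in a.get("/ip ipsec peer", [])}
    for e in a.get("/ip ipsec identity", []) + pol:
        if e.get("peer") not in peers:
            out.append(f"peer={e.get('peer')} is not a defined peer")
    sel = {(p["src-address"], p["dst-address"]) for p in pol}
    for n in a.get("/ip firewall nat", []):
        pair = (n.get("src-address"), n.get("dst-address"))
        if n.get("action") == "accept" and pair not in sel:
            out.append(f"NAT bypass {pair[0]}->{pair[1]} matches no policy")
    mirror = {(p["dst-address"], p["src-address"]) for p in b.get("/ip ipsec policy", [])}
    out += [f"policy {s}->{d} has no mirror on the other side" for s, d in sel - mirror]
    return out
```

Call `check_pair` once in each direction, for example `check_pair(parse_export(CCR), parse_export(HAP))` and then with the arguments swapped.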