IPSec VPN only accessible from one end / site-to-site

Started by marcellinus77, April 16, 2020, 02:09:35 AM

Hi

I have the following setup:

Site A, 10.50.0.0/16 Sophos XG IP:192.168.1.8 <NAT to INTERNET> IP:213.55.xx.xx
Site B, 10.10.0.0/16 OpnSense 20.1 IP:192.168.1.250 <NAT to INTERNET> IP:83.77.xx.xx

Site A is initiating the tunnel
Site B is set to listen for connections

The tunnel is policy based

I can ping and access from any device at Site A net (10.50../16) all devices at site B. So the tunnel is working perfectly, if looking from Site A.

i.e. from host (A) 10.50.10.10 I can send a print job to printer (B) 10.10.1.5

However, I can not access Devices at Site A from Site B.

i.e. from OPNsense host (B) 10.10.1.1 I can NOT ping host (A) 10.50.10.10

Sophos does not support VTI, so I need to stick to policy based routing.

Are there any suggestions on how I can enable site A to access site B?

Thanks
M.
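As an added illustration (not part of the post, and not the poster's actual Sophos XG or OPNsense configuration), the following Python model walks through the checks a new flow has to pass on a policy-based IPsec tunnel before it can cross in a given direction: the originating side needs a Phase 2 selector that matches the source and destination, the receiving side needs the mirror selector, and the receiving side's firewall needs a rule on its IPsec interface that permits the flow. The addresses are taken from the post; the policy and rule tables, the missing rule at site A, and the firewall-sourced ping case are constructed assumptions used to show the two most common reasons one direction works while the other does not.

```python
"""Model of the checks a flow must pass over a policy-based IPsec tunnel.

Constructed example: subnets and gateway addresses come from the forum
post, but the policy and rule tables are assumptions, not the poster's
real configuration.
"""
import ipaddress
from dataclasses import dataclass, field, replace
from typing import List, Optional, Tuple

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address


def net(cidr: str) -> IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Phase2Policy:
    """A policy-based traffic selector (Phase 2 / child SA): local <-> remote."""
    local: IPv4Network
    remote: IPv4Network

    def selects(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.local and dst in self.remote


@dataclass(frozen=True)
class FirewallRule:
    """A rule on the receiving side's IPsec interface (first match wins)."""
    src: IPv4Network
    dst: IPv4Network
    allow: bool


@dataclass
class Site:
    name: str
    lan: IPv4Network
    gateway_ip: IPv4Address                 # address the firewall itself sources from
    policies: List[Phase2Policy] = field(default_factory=list)
    ipsec_rules: List[FirewallRule] = field(default_factory=list)

    def selector_for(self, src: IPv4Address, dst: IPv4Address) -> Optional[Phase2Policy]:
        return next((p for p in self.policies if p.selects(src, dst)), None)

    def inbound_allowed(self, src: IPv4Address, dst: IPv4Address) -> bool:
        for r in self.ipsec_rules:
            if src in r.src and dst in r.dst:
                return r.allow
        return False                         # default deny on the IPsec interface


def check_path(origin: Site, peer: Site, src: str, dst: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a new flow from src at origin to dst at peer."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if origin.selector_for(s, d) is None:
        return False, f"{origin.name}: no Phase 2 selector matches {src} -> {dst}, so it is not tunnelled"
    if peer.selector_for(d, s) is None:
        return False, f"{peer.name}: no mirror selector for {dst} -> {src}"
    if not peer.inbound_allowed(s, d):
        return False, f"{peer.name}: no IPsec-interface rule permits {src} -> {dst}"
    return True, "ok: selected on both ends and permitted by the receiving firewall"


# Constructed tables. Site A (assumed) has no inbound rule on its IPsec side.
SITE_A = Site("Site A (Sophos XG)", net("10.50.0.0/16"), ipaddress.ip_address("192.168.1.8"),
              policies=[Phase2Policy(net("10.50.0.0/16"), net("10.10.0.0/16"))],
              ipsec_rules=[])
SITE_B = Site("Site B (OPNsense)", net("10.10.0.0/16"), ipaddress.ip_address("192.168.1.250"),
              policies=[Phase2Policy(net("10.10.0.0/16"), net("10.50.0.0/16"))],
              ipsec_rules=[FirewallRule(net("10.50.0.0/16"), net("10.10.0.0/16"), True)])


def with_inbound_rule(site: Site, rule: FirewallRule) -> Site:
    """Copy of site with an extra IPsec-interface rule (used to show the fix)."""
    return replace(site, ipsec_rules=site.ipsec_rules + [rule])


if __name__ == "__main__":
    print(check_path(SITE_A, SITE_B, "10.50.10.10", "10.10.1.5"))        # A host -> B printer
    print(check_path(SITE_B, SITE_A, "10.10.1.1", "10.50.10.10"))        # B LAN host -> A host
    print(check_path(SITE_B, SITE_A, "192.168.1.250", "10.50.10.10"))    # ping sourced from B's gateway
    fixed_a = with_inbound_rule(SITE_A, FirewallRule(net("10.10.0.0/16"), net("10.50.0.0/16"), True))
    print(check_path(SITE_B, fixed_a, "10.10.1.1", "10.50.10.10"))
```

The third case models a ping run from the firewall itself: unless the source address is chosen from the LAN, the packet is sourced from an interface address that lies outside the local selector and never enters the tunnel, which is easy to mistake for a broken return path. The fourth case shows the same flow passing once the receiving side permits it on its IPsec interface.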