This happened to me.
I couldn't even connect. As soon as I committed the config (didn't even need to change anything at all... it was just like a "hey router... just to remind you that you have an ipsec thing in your config... use it!" thing...), I could connect to the VPN. But no access. (I could ping though.)
In my case I had a *drop* policy in my firewall for both LANs, with accept only for the ports I want, including ICMP; that's why the ping worked.
I added an accept for all protocols from my IPsec IPs in both rulesets and regained access.