The remote site is Sophos. According to the event log, the connection is established, the status dot is green, but unfortunately no data can be transferred. A ping also leads to nothing. The receiving station sees that the connection is active, but cannot see any errors. The automatic entry in the routing table designates the public IP as the next hop - this is wrong. The next hop must be the tunnel(device) or the IPsecPeer!