IPsec Tunel

What about looking at the other site?

On otherr site 

root@recargaki-moz2 MOZ]# traceroute 192.168.30.168
traceroute to 192.168.30.168 (192.168.30.168), 30 hops max, 60 byte packets
1 192.168.15.1 (192.168.15.1) 0.488 ms 0.507 ms 0.539 ms
2 196.40.113.8 (196.40.113.8) 0.321 ms 0.319 ms 0.298 ms
3 196.40.117.210 (196.40.117.210) 0.228 ms 0.409 ms 0.383 ms
4 *
5 *
6 *
7 *
8 *

o the trace is correct as you can see it matches the policy

and on my site 

That other site's traceroute does not look correct at all to me.

Normally you have 2 - 3 hops maximum if using a direct ipsec tunnel from site-to-site.

Yours seems to go to the WAN.

But you give too little info here, we would need some kind of network diagramm to help you out.

No need to hide internal IP, and you could obfuscate the public IP like that: 85.xx.yy.115 for better understanding.

good.

We have 2 sites with both a Sophos XG  and Fortigate configered with site-to-site ipsec VPN 

 On both sides we also have 2 firewall rules  VPN to LAN and LAN to VPN with any

the conection is now estabilshed

But I can't ping my Lan and I can't ping the remote site either

 Sohpos 

My Local Gw 41..XX.YY.150

My local lan 192.168.30.168

Fortigate

remote gw 196.XX.YY.218

remotte lan 192.168.15.3

Lan should be something like 192.168.30.0 /24, not a /32 ip like 192.168.30.168.

Same applies to the other side: 192.168.15.3 is not a network, but a single host. That should be 192.168.15.0 /24 or so.

I don't want the whole network to communicate, just these two servers 30.168 and 15.3