Hello,
In the attached configuration from site B I do not see any policy from zone Internal to zone Internet that references the VPN MM_MCO_VPN.
As you have the policy from zone Internet to zone Internal for VPN MM_MCO_VPN, you also need the policy in the reverse direction, from zone Internal to zone Internet.
Policy you already have in the configuration on site B:-
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match source-address MCO_LAN_Seg
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match destination-address local-net
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN match application any
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-init
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then log session-close
Policy that you need to add in the configuration on site B (note that the source and destination addresses are swapped relative to the existing policy, because this direction is initiated from the local network):-
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 match source-address local-net
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 match destination-address MCO_LAN_Seg
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 match application any
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 then permit tunnel ipsec-vpn MM_MCO_VPN
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 then permit tunnel pair-policy MCO_MM_VPN
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 then log session-init
set security policies from-zone Internal to-zone Internet policy MCO_MM_VPN-1 then log session-close
You also need to add the command below to the already existing policy:-
set security policies from-zone Internet to-zone Internal policy MCO_MM_VPN then permit tunnel pair-policy MCO_MM_VPN-1
Similarly, if the reverse policy to allow this traffic is not configured on site A, then you need to configure it on site A as well.
The currently existing policies will allow traffic only when it is initiated from site A to site B, as you are seeing. Once the above is configured, the traffic in the other direction should also work.
Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.
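As an added illustration of the check described in the answer above (this is example code, not part of the original post or of any Juniper tool), the script below parses Junos "set security policies" lines and reports every policy-based VPN policy that is not correctly paired: no pair-policy, a pair-policy that is missing or does not point back, a different ipsec-vpn name, or a reverse policy whose source/destination addresses are not the swap of the forward policy's. The three config snippets are constructed from the zone, policy and address names used in the thread; the "unswapped" variant shows why the reverse policy must have local-net as source and MCO_LAN_Seg as destination.

```python
"""Pairing checker for Junos SRX policy-based IPsec VPN policies in set format.

Added example (not from the original post). Parses 'set security policies ...'
lines and reports tunnel policies that lack a correctly paired reverse policy.
"""
import re
from collections import defaultdict

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.+)$"
)


def parse_policies(config_text):
    """Return {(from_zone, to_zone, policy_name): fields} from Junos set lines.

    Lines that are not security-policy set commands are ignored.
    """
    policies = defaultdict(lambda: {
        "source": set(), "destination": set(), "application": set(),
        "vpn": None, "pair": None, "log": set(),
    })
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key = (m.group(1), m.group(2), m.group(3))
        rest = m.group(4).split()
        p = policies[key]
        if rest[:2] == ["match", "source-address"]:
            p["source"].add(rest[2])
        elif rest[:2] == ["match", "destination-address"]:
            p["destination"].add(rest[2])
        elif rest[:2] == ["match", "application"]:
            p["application"].add(rest[2])
        elif rest[:4] == ["then", "permit", "tunnel", "ipsec-vpn"]:
            p["vpn"] = rest[4]
        elif rest[:4] == ["then", "permit", "tunnel", "pair-policy"]:
            p["pair"] = rest[4]
        elif rest[:2] == ["then", "log"]:
            p["log"].add(rest[2])
    return dict(policies)


def check_vpn_pairs(policies):
    """Return a list of findings; an empty list means every tunnel policy is paired."""
    findings = []
    for (frm, to, name), p in policies.items():
        if p["vpn"] is None:          # not a policy-based VPN policy
            continue
        label = f"{frm}->{to} {name}"
        if p["pair"] is None:
            findings.append(f"{label}: no pair-policy configured")
            continue
        rev = policies.get((to, frm, p["pair"]))
        if rev is None:
            findings.append(f"{label}: pair-policy {p['pair']} not found in {to}->{frm}")
            continue
        if rev["pair"] != name:
            findings.append(f"{label}: pair-policy {p['pair']} does not point back to {name}")
        if rev["vpn"] != p["vpn"]:
            findings.append(f"{label}: pair-policy {p['pair']} uses a different ipsec-vpn")
        # Traffic in the reverse direction must match the swapped address pair.
        if rev["source"] != p["destination"] or rev["destination"] != p["source"]:
            findings.append(f"{label}: addresses of pair-policy {p['pair']} are not the reverse of this policy")
    return findings


def policy_lines(frm, to, name, src, dst, pair=None):
    """Build one tunnel policy in set format (helper for the constructed samples)."""
    base = f"set security policies from-zone {frm} to-zone {to} policy {name}"
    lines = [
        f"{base} match source-address {src}",
        f"{base} match destination-address {dst}",
        f"{base} match application any",
        f"{base} then permit tunnel ipsec-vpn MM_MCO_VPN",
    ]
    if pair:
        lines.append(f"{base} then permit tunnel pair-policy {pair}")
    return "\n".join(lines)


# Constructed samples using the names from the thread.
SITE_B_AS_POSTED = policy_lines("Internet", "Internal", "MCO_MM_VPN", "MCO_LAN_Seg", "local-net")
SITE_B_UNSWAPPED = "\n".join([
    policy_lines("Internet", "Internal", "MCO_MM_VPN", "MCO_LAN_Seg", "local-net", "MCO_MM_VPN-1"),
    policy_lines("Internal", "Internet", "MCO_MM_VPN-1", "MCO_LAN_Seg", "local-net", "MCO_MM_VPN"),
])
SITE_B_FIXED = "\n".join([
    policy_lines("Internet", "Internal", "MCO_MM_VPN", "MCO_LAN_Seg", "local-net", "MCO_MM_VPN-1"),
    policy_lines("Internal", "Internet", "MCO_MM_VPN-1", "local-net", "MCO_LAN_Seg", "MCO_MM_VPN"),
])

if __name__ == "__main__":
    for title, cfg in [("as posted", SITE_B_AS_POSTED), ("unswapped", SITE_B_UNSWAPPED), ("fixed", SITE_B_FIXED)]:
        print(title, check_vpn_pairs(parse_policies(cfg)) or "OK")
```

Feed it the output of "show configuration security policies | display set" from each SRX; a clean run on both sites is the condition the answer describes for traffic initiated from either side to pass the tunnel.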