Hello All

Having the following problem : connecting to IPSEC VPN Server (Kerio Control) what is behind RB450G with routeros 6.1 and with public IP.
Port forward is set on router for IPSEC-ESP, IPSEC-AH, 500,1701,4500,5500 UDP, but cannot connect from outside to the VPN Server.
The VPN server wich is the internal gateway too and the internal network is connected to the internet via the RB450G. The purpose is that employees have acces from home or from mobile device to internal network, but Kerio makes the user authentification and is integrated into the Active Directory domain too.

If this is not possible (simple forwarding for L2TP), then how I can solve the problem ?
Thanks in advance for help !

An IPSec access concentrator can not be behind NAT.

Only IPSec clients can be behind NAT.

Thanks for confirmation, what if I set up a VPN server on RB450G and I make a tunnel between Kerio Control and RB450G ? With this would be possible to access the internal network ? Only access to internal network is needed in secure conditions from VPN clients, no need for accessing the internet thorough VPN. Kerio Control can deal with IPSEC tunnel, PPTP, PPPoE, (as client for PPTP, PPPoE)