I have been trying to get a Mikrotik CRS125 configured as a L2TP/IPSEC client to connect to a remote VPN server. I can connect to the server using the username, password and shared key provided, if I use a Windows laptop, or a Mikrotik on my internal network. However, as I am wanting to establish a site to site connection, I want to have the VPN established between my CRS125 which is my internet router, and the remote VPN server. PPTP and OpenVPN can establish to remote VPN servers just fine, it is just L2TP/IPSEC combination that fails.

The attached picture roughly shows my setup, I have a DSL connection into a Draytek router configured to bridge the external connection through to the CRS125.

I can see the IPSec policy come up and the PH2 State established, but then it goes away and starts trying to establish again.

It appears I can establish the VPN through the CRS125, but not from it.

I have disabled all firewall rules other than the NAT srcnat rule, and still no joy.

What does the log on your MikroTik say?

Add more logging for IPsec and L2TP topics under System -> Logging.

If you accept L2TP/IPSec connections to your MikroTik for your own use, make a new PPP profile which is used for outbound connections which doesn't have anything in the Local or remote IP fields.

Which firmware are you running on the CRS125?

How is your l2tp-client interface configured on the CRS125?

Make sure you don't have a connection through the CRS when you are testing from the CRS. IPsec can be problematic with multiple connections between the same two endpoints. Some IPSec servers can handle it. Others, like MikroTik cannot.