Can't Establish L2TP Connection /w IPSec Between Ericsson SE Router.

RouterOS General
1

Hello,

I will establish L2TP connection between my ISP. They have assigned me a local IP to connect their router locally, and I established this connection;

My Side:
IP: 10.240.0.246
VLAN: 2062

Their Side:
IP: 10.240.0.245
VLAN: 2021

Now I am trying to establish L2TP connection with them, given these information;
My Side: 10.220.0.245
Their Side: 10.22.0.245
Auth Key: 21062

This is my config:

> interface vlan print where vlan-id=2062
Flags: X - disabled, R - running, S - slave 
 #    NAME                                     MTU ARP        VLAN-ID INTERFACE                                  
 0 R 
      VLAN_2062                1700 enabled       2062 ether10 

> ip address print where network=10.240.0.244   
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                
 0   ;;; VLAN:2062 TT_IP:10.240.0.245
     10.240.0.246/30    10.240.0.244    VLAN_2062

> ip address print where network=10.220.0.245  
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                
 0   ;;; L2TP_Add
     10.220.0.245/32    10.220.0.245    VLAN_2062
	 
> ip firewall filter print where comment="IPSec - L2TP"
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; IPSec - L2TP
      chain=input action=accept protocol=udp src-port=500,1701,4500 log=yes log-prefix=""
	  
> interface ipip print where local-address=10.220.0.245
Flags: X - disabled, R - running, D - dynamic 
 #     NAME                         MTU ACTUAL-MTU LOCAL-ADDRESS   REMOTE-ADDRESS                       KEEPALIVE                                               DSCP
 0 X   Tunnel                       auto       1480 10.220.0.245    10.22.0.245                                                                               inherit

This is debug log:

09:41:15 ipsec,debug,packet === 
09:41:15 ipsec,debug initiate new phase 1 negotiation: 10.220.0.245[500]<=>10.22.0.245[500] 
09:41:15 ipsec,debug begin Identity Protection mode. 
09:41:15 ipsec,debug,packet new cookie: 
09:41:15 ipsec,debug,packet 71fd564a459036c7  
09:41:15 ipsec,debug,packet add payload of len 92, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 13 
09:41:15 ipsec,debug,packet add payload of len 16, next type 0 
09:41:15 ipsec,debug,packet 384 bytes from 10.220.0.245[500] to 10.22.0.245[500] 
09:41:15 ipsec,debug,packet sockname 10.220.0.245[500] 
09:41:15 ipsec,debug,packet send packet from 10.220.0.245[500] 
09:41:15 ipsec,debug,packet send packet to 10.22.0.245[500] 
09:41:15 ipsec,debug,packet src4 10.220.0.245[500] 
09:41:15 ipsec,debug,packet dst4 10.22.0.245[500] 
09:41:15 ipsec,debug,packet 1 times of 384 bytes message will be sent to 10.22.0.245[500] 
09:41:15 ipsec,debug,packet 71fd564a 459036c7 00000000 00000000 01100200 00000000 00000180 0d000060 
09:41:15 ipsec,debug,packet 00000001 00000001 00000054 01010002 03000028 01010000 800b0001 000c0004 
09:41:15 ipsec,debug,packet 00015180 80010007 800e0080 80030001 80020002 80040002 00000024 02010000 
09:41:15 ipsec,debug,packet 800b0001 000c0004 00015180 80010005 80030001 80020002 80040002 0d000014 
09:41:15 ipsec,debug,packet 4a131c81 07035845 5c5728f2 0e95452f 0d000014 8f8d8382 6d246b6f c7a8a6a4 
09:41:15 ipsec,debug,packet 28c11de8 0d000014 439b59f8 ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 
09:41:15 ipsec,debug,packet 6deafa34 c4f3ea9f 02ec7285 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 
09:41:15 ipsec,debug,packet 0d000014 9909b64e ed937c65 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 
09:41:15 ipsec,debug,packet 2c179d92 15529d56 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 
09:41:15 ipsec,debug,packet 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 16f6ca16 e4a4066d 83821a0f 
09:41:15 ipsec,debug,packet 0aeaa862 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc 0d000014 12f5f28c 
09:41:15 ipsec,debug,packet 457168a9 702d9fe2 74cc0100 00000014 afcad713 68a1f1c9 6b8696fc 77570100 
09:41:15 ipsec,debug sent phase1 packet 10.220.0.245[500]<=>10.22.0.245[500] 71fd564a459036c7:0000000000000000 
09:41:15 ipsec,debug new acquire 10.220.0.245[0]<=>10.22.0.245[0] 
09:41:15 ipsec,debug suitable outbound SP found: 10.220.0.245/32[0] 10.22.0.245/32[0] proto=4 dir=out 
09:41:15 ipsec,debug suitable inbound SP found: 10.22.0.245/32[0] 10.220.0.245/32[0] proto=4 dir=in 
09:41:15 ipsec,debug,packet  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0) 
09:41:15 ipsec,debug,packet   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
09:41:15 ipsec,debug request for establishing IPsec-SA was queued due to no phase1 found. 
.
.
.
.retries the same operation above
.
.
09:42:15 ipsec,error phase1 negotiation failed due to time up 10.220.0.245[500]<=>10.22.0.245[500] 71fd564a459036c7:0000000000000000 
09:42:19 ipsec,debug,packet Zombie ph2 found, expiring it 
09:42:19 ipsec,debug phase2 sa expired 10.220.0.245-10.22.0.245 
09:42:19 ipsec,debug new acquire 10.220.0.245[0]<=>10.22.0.245[0] 
09:42:19 ipsec,debug suitable outbound SP found: 10.220.0.245/32[0] 10.22.0.245/32[0] proto=4 dir=out 
09:42:19 ipsec,debug suitable inbound SP found: 10.22.0.245/32[0] 10.220.0.245/32[0] proto=4 dir=in 
09:42:19 ipsec,debug,packet  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0) 
09:42:19 ipsec,debug,packet   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
09:42:19 ipsec,debug IPsec-SA request for 10.22.0.245 queued due to no phase1 found. 
09:42:19 ipsec,debug,packet ===

Is this problem persists because of my config or their side?

Thanks in advance for any tip!

2

You did not show the config on your and their side!
So how would we know?

3

They told me that to set this connection they only assigns these information to their router;

Their Local IP: 10.22.0.245
My Local IP: 10.220.0.245

and tunnel auth key: 2062, the one I talked told me that they only entered these information but nothing else.

4

Then they either rely on you using some standard router they always use, or they don’t have much experience with IPsec.
IPsec has a lot of parameters and they all must match. Debugging mismatched parameters is a big headache so
it should normally specify all of them so you can check.