Hi,
When connected to the mobile 4G network, the only IP address on the android phone is
rmnet0 -IP 10.148.213.76, and the external IP appears as 1.132.109.249

An attempt to start the VPN shows the following IP addresses in the Mikrotik log, and the connection fails

10:58:13 ipsec,info respond new phase 1 (Identity Protection): XXX.XXX.142.31[500]<=>1.132.211.90[500]
10:58:45 l2tp,info first L2TP UDP packet received from 1.132.109.249
10:59:13 ipsec,error phase1 negotiation failed due to time up XXX.XXX.142.31[500]<=>1.132.211.90[500] e3dad647668f0dfe:2898e9e3f17eac7a

Note: the IPSEC IP address (1.132.211.90) is different to the the L2TP address (1.132.109.249), which is the external address reported on the phone.

When connecting from an internal network, the connection works.
11:04:09 ipsec,info respond new phase 1 (Identity Protection): XXX.XXX.142.31[500]<=>192.168.220.219[500]
11:04:09 ipsec,info ISAKMP-SA established XXX.XXX.142.31[500]-192.168.220.219[500] spi:34286fdf93366e65:219b471e50ca02f0
11:04:11 l2tp,info first L2TP UDP packet received from 192.168.220.219
11:04:11 l2tp,ppp,info,account Username logged in, 192.168.44.100
11:04:11 l2tp,ppp,info : authenticated
11:04:11 l2tp,ppp,info : connected

Am I in NAT heaven, and is there any answer?, or a different VPN type to use ?

Thanks