For the second masquerade rule, read here: http://forum.mikrotik.com/t/solved-nat-and-internal-webserver-access-from-internal-ip-with-domainname/101528/5
On the client I can’t configure the default route option... there are mobile phones…
Added:
/ip firewall filter
add chain=forward action=accept in-interface=l2tp-in1 log=yes log-prefix="forward rule"
add chain=input action=accept in-interface=l2tp-in1 log=yes log-prefix="forward rule"
/ppp profile
add name="L2TP" local-address=L2TP-Pool remote-address=L2TP-Pool use-mpls=default use-compression=default use-encryption=yes only-one=default change-tcp-mss=default use-upnp=default address-list="" on-up="" on-down=""
/ip pool
add name=L2TP-Pool addresses=192.168.1.201-192.168.1.250
Still not working.