That’s a good question, because both the server and the client use UDP port 1701. I’d assume this to be handled automagically by a common stack being used for both the server and client role. Unfortunately I don’t have enough boxes handy to check at the moment.
Issues definitely exist when two L2TP connections encrypted using IPsec and terminated on the same device pass through the same NAT on the remote side like this:
____ ______________ | |
_______________ ( ) | |-------| L2TP endpoint |
| | public IP A ( ) public IP B | | ||
| L2TP endpoint |------------------( )----------------| WAN(NAT) LAN | _______________
|| () | | | |
||-------| L2TP endpoint |
|_______|In this case, the traffic selector of the IPsec security policies at the L2TP endpoint running at public IP A cannot distinguish the two remote endpoints’ UDP sockets from each other as they have the same IP address (public IP B) and the same port (1701). And it doesn’t matter whether the endpoint at public IP A acts as L2TP client or L2TP server or both. Details and solution can be found here.