merlinogio
just joined
Topic Author
Posts: 2
Joined: Mon Sep 12, 2016 9:12 am

l2tp Ipsec road warrior configuration

Mon Sep 12, 2016 9:48 am

hi,
I've configured a MikroTik behind an ISP modem (DMZ) with a public IP. The ISP modem forwards all TCP and UDP ports to the MikroTik. The ISP modem has an AP bridged on the DMZ.
I've configured the MikroTik with L2TP/IPsec following the MikroTik wiki and the results are:

- when an iPhone (with the wiki configuration, pointed to the DMZ IP of the MikroTik) is connected to the AP of the ISP modem (WiFi) and tries an L2TP/IPsec connection to the MikroTik, everything is all right
- when an iPhone (with the wiki configuration, pointed to the public IP of the MikroTik) is connected to UMTS (Vodafone) and tries an L2TP/IPsec connection to the MikroTik, the connection fails

the difference that I noted in the log is the connection port:
- first case, the debug is (192.168.1.0/24 is the DMZ IP range):
"respond new phase 1 negotiation: 192.168.1.101[500]<=>192.168.1.102[500]"
and it connects
- second case, the debug is (note that the ISP modem NATs the public IP to the MikroTik DMZ IP):
"resent phase1 packet 192.168.1.101[500]<=>5.90.36.58[2125] 73f6be35cbef5e9d:6b303a2f2ec9a081"
and it tries to resend several times without success

every time I try the first case the port is always the same: 500
when I try the second case the port is always different: 1714, 2015 etc.

the firewall config is:

Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward

1 chain=input action=accept protocol=ipsec-esp
in-interface=ether4-wan log=yes

2 chain=input action=accept protocol=udp in-interface=ether4-wan
src-port=500,1701,4500 log=no

any suggestions?
thanks in advance..
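To make the difference between the two sessions in the post concrete, here is an added example (not from the original post, not RouterOS code) that models the posted input-chain rules as simple match functions and feeds them the two peers seen in the log: the WiFi client talking from UDP source port 500, and the UMTS client whose source port has been rewritten by the carrier's NAT to 2125. It also feeds them a constructed packet with a forged source port of 500. The point it shows is that rule 2 matches on `src-port`, which is chosen by the sender, rather than `dst-port`, which is the local IKE/NAT-T/L2TP port; a NAT'd peer never has source port 500 or 4500, while anything that sets source port 500 passes. The packets, the "final drop" default and the corrected rule set are assumptions of this example; the post only shows two rules of the chain, and its log shows the router did answer the UMTS peer, so other rules in the real chain may be letting that first packet in.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Packet:
    proto: str              # "udp" or "ipsec-esp"
    src_ip: str
    src_port: Optional[int]  # None for ESP (no ports)
    dst_ip: str
    dst_port: Optional[int]
    in_iface: str

@dataclass(frozen=True)
class Rule:
    """A minimal model of one RouterOS input-chain rule (assumption: only
    these matchers; real rules have many more)."""
    action: str
    proto: Optional[str] = None
    in_iface: Optional[str] = None
    src_ports: FrozenSet[int] = frozenset()
    dst_ports: FrozenSet[int] = frozenset()

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        if self.src_ports and pkt.src_port not in self.src_ports:
            return False
        if self.dst_ports and pkt.dst_port not in self.dst_ports:
            return False
        return True

def input_chain_verdict(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; assumption: an unlisted final drop rule."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"

WAN = "ether4-wan"
IKE_PORTS = frozenset({500, 1701, 4500})

# Rules 1 and 2 exactly as shown in the post (rule 2 matches src-port).
AS_POSTED = [
    Rule("accept", proto="ipsec-esp", in_iface=WAN),
    Rule("accept", proto="udp", in_iface=WAN, src_ports=IKE_PORTS),
]

# Same two rules with rule 2 matching dst-port instead (assumed correction).
CORRECTED = [
    Rule("accept", proto="ipsec-esp", in_iface=WAN),
    Rule("accept", proto="udp", in_iface=WAN, dst_ports=IKE_PORTS),
]

ROUTER = "192.168.1.101"  # the DMZ address from the post's log lines

# Constructed packets, built from the endpoints/ports in the posted log.
WIFI_PEER = Packet("udp", "192.168.1.102", 500, ROUTER, 500, WAN)   # 192.168.1.102[500]
UMTS_PEER = Packet("udp", "5.90.36.58", 2125, ROUTER, 500, WAN)     # 5.90.36.58[2125]
UMTS_NAT_T = Packet("udp", "5.90.36.58", 2125, ROUTER, 4500, WAN)   # after NAT-T float (assumed)
# Constructed: arbitrary UDP service with a forged source port of 500.
FORGED_SRC_500 = Packet("udp", "203.0.113.9", 500, ROUTER, 53, WAN)

def compare(pkt: Packet) -> dict:
    """Verdict of each rule set for one packet."""
    return {
        "as_posted": input_chain_verdict(AS_POSTED, pkt),
        "corrected": input_chain_verdict(CORRECTED, pkt),
    }

if __name__ == "__main__":
    for name, pkt in [("wifi peer", WIFI_PEER), ("umts peer", UMTS_PEER),
                      ("umts peer nat-t", UMTS_NAT_T), ("forged src 500", FORGED_SRC_500)]:
        print(f"{name:16} {compare(pkt)}")
```

Running it shows the WiFi peer is accepted by both rule sets, the UMTS peer (source port 2125) is accepted only by the `dst-port` variant, and the forged-source-port packet aimed at an unrelated service is accepted only by the `src-port` variant. The NAT-T packet on 4500 follows the same pattern, which matters because once either side is behind NAT the IKE exchange moves to UDP 4500.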
