Channel: EdgeRouter topics

L2TP over IPsec and UPNP2


This is a heads-up for anyone using L2TP/IPsec and UPNP2 controlled by an ACL rule set.

 

Some time ago I reported that I was having issues with my L2TP/IPsec over the cellular network. My symptoms were that I was timing out, and consequently my VPN connection failed until I rebooted my ERL; after the reboot my VPN would work for a period of time, then time out again. A number of users reported conflicts with port 4500, and sure enough my Apple gear, like the Time Capsule, opens 4500 under NAT-PMP. So in my case, to solve this issue, I have blocked port 4500 in my ACL rule set that controls what's allowed under UPNP2:

 

set service upnp2 acl rule 15 action 'deny'
set service upnp2 acl rule 15 description 'Block Port 4500 utilized by ATC'
set service upnp2 acl rule 15 external-port '4500'
set service upnp2 acl rule 15 local-port '0-65535'
set service upnp2 acl rule 15 subnet '192.168.20.0/24'

 

Now my external cellular access via L2TP/IPsec works very nicely.

 

Before you implement the above method, make sure you understand all the implications.
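
A way to check whether a UPnP/NAT-PMP client currently holds a mapping on a UDP port the router's own L2TP/IPsec server needs, given here as an added example that is not part of the original post. It assumes the mappings sit in a NAT chain named MINIUPNPD (the miniupnpd default), uses a constructed sample dump, and also checks ports 500 and 1701, which goes beyond the single port 4500 discussed above.

```shell
#!/bin/sh
# Added example: flag UPnP/NAT-PMP port mappings that collide with the UDP
# ports an L2TP/IPsec server running on the router itself listens on.
# Input: NAT table text in iptables-save format on stdin, e.g.
#   sudo iptables-save -t nat | find_vpn_port_conflicts
# Assumption: the mappings live in a chain named MINIUPNPD.

VPN_UDP_PORTS="500 1701 4500"   # IKE, L2TP, IPsec NAT-T

find_vpn_port_conflicts() {
    awk -v ports="$VPN_UDP_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "-A" && $2 == "MINIUPNPD" {
            proto = ""; dport = ""; dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (proto != "udp" || dport == "") next
            # --dport is either a single port or a lo:hi range
            lo = dport; hi = dport
            if (index(dport, ":")) { split(dport, r, ":"); lo = r[1]; hi = r[2] }
            for (port in want)
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0)
                    print "udp/" port " -> " dest
        }
    ' | sort
}

# Constructed sample: a LAN host has mapped UDP 4500 through NAT-PMP.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:MINIUPNPD - [0:0]
-A PREROUTING -i eth0 -j MINIUPNPD
-A MINIUPNPD -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.20.15:4500
-A MINIUPNPD -p tcp -m tcp --dport 4500 -j DNAT --to-destination 192.168.20.30:4500
-A MINIUPNPD -p udp -m udp --dport 5353 -j DNAT --to-destination 192.168.20.15:5353
COMMIT'

printf '%s\n' "$SAMPLE_NAT" | find_vpn_port_conflicts
```

Any line printed names a LAN host whose mapping diverts inbound VPN traffic away from the router; an empty result means no conflicting mapping is active at that moment.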

 

 

