Windows Server 2016 – L2TP VPN in RRAS only accessable from internal interface, not from external

I have a problem installing a L2TP VPN Connection with Windows Server 2019.

There are two interfaces: “Intern” – 10.0.0.1 / Internal interface “Extern” – 192.168.2.3 / External interface, connected through router to the internet

I can easily connect to the VPN from a local PC, in the same network, e.g. 10.0.0.10. Connection can be established with the correct user and PSK.

But when I try to connect to 192.168.2.3 (from the 10.0.0.10, 192.168.2.3 is accessable from this IP, because of routing) or from external (internet, correct port-forwarding in Internet-Router (FritzBox)), I just get no connection established.

The only thing is the NAT between it. The client is correct configured, included the registry values HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

What am I doing wrong? Firewall cannot be the problem, because I deactivated the firewall for testing purposes.

Maybe somebody has an idea that could help. Thanks very much in advance.

Screenshots of the configuration: External Interface Routing Settings Internal Interface Routing Settings External Interface Port-Forwarding Settings Routing settings Routing security settings Interface list