This article notes the AWS EC2 Security Group that should be associated with an EC2 to permit a roaming VPN client to connect to an IPSec/L2TP hosted on a server within AWS.
* TIP: The AH and ESP are entered in as just numbers, not the “AH” and “ESP”.