Mobile clients spammed with NAT-T keep-alives from RRAS when not connected to VPN

Very bizarre and reliably reproducible.

Have a mobile client Android 4.4.2 (CM11m7) using L2TP/IPsec w/ PSK to RRAS on W2k8r2 server via AT&T cell network.

The client connects to VPN and it works no problems.  After client disconnects RRAS keeps sending "NAT-keepalive packet" from UDP 4500 ... it does this forever after client disconnects until RRAS is restarted... every indication on Android client as well as RRAS client all is disconnected... RRAS shows no VPN sessions.

These keepalives are keeping UDP NAT association alive at carrier continuing to get forwarded on to mobile client which responds only with ICMP destination port unreachable.  While packets are only sent at interval of ~20 sec it is enough to make short work of client battery.

I have Wireshark captures from the mobile client, RRAS server and downstream router... at first thought it was carrier NAT going bonkers yet really is from RRAS.

Any ideas or help would be much appreciated.  Turned on full tracing in RRAS nothing obvious I could find.. keepalive activity is not generating constant messages.  Any pointers on registry or other settings that might be adjustable for NAT-T/L2TP.
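
The symptom described in this post can be confirmed from a packet capture. As an added example that is not part of the original post, the following Python classifies UDP 4500 payloads the way RFC 3948 demultiplexes them and counts NAT-keepalives a server keeps sending to a peer after IKE/ESP traffic with that peer has stopped. The packet tuple format, the addresses and the 60-second idle threshold are assumptions.

```python
# Added example, not from the original post. Addresses, ports and payload
# bodies below are constructed sample data; idle_secs is an assumed threshold.
from collections import defaultdict

NATT_PORT = 4500

def classify(payload: bytes) -> str:
    """Demultiplex a UDP/4500 payload the way RFC 3948 defines it."""
    if payload == b"\xff":
        return "keepalive"   # NAT-keepalive: exactly one 0xFF octet
    if len(payload) > 4 and payload[:4] == b"\x00" * 4:
        return "ike"         # non-ESP marker (four zero octets) precedes IKE
    if len(payload) > 4:
        return "esp"         # non-zero SPI: UDP-encapsulated ESP
    return "other"

def orphaned_keepalives(packets, server_ip, idle_secs=60):
    """Count keepalives the server sent to each peer more than idle_secs
    after the last IKE/ESP packet exchanged with that peer.
    packets: iterable of (ts, src_ip, src_port, dst_ip, dst_port, payload).
    A peer with no IKE/ESP in the capture counts as idle from the start."""
    last_active = {}
    orphaned = defaultdict(int)
    for ts, src, sport, dst, dport, payload in sorted(packets, key=lambda p: p[0]):
        if NATT_PORT not in (sport, dport):
            continue
        from_server = src == server_ip
        peer = (dst, dport) if from_server else (src, sport)
        kind = classify(payload)
        if kind in ("ike", "esp"):
            last_active[peer] = ts
        elif kind == "keepalive" and from_server:
            if ts - last_active.get(peer, float("-inf")) > idle_secs:
                orphaned[peer] += 1
    return dict(orphaned)

SERVER, CLIENT, CPORT = "192.0.2.10", "198.51.100.7", 31022
IKE = b"\x00" * 4 + b"\x11" * 28               # constructed, not a real IKE message
ESP = b"\xc1\x02\x03\x04" + b"\x00\x00\x00\x01" + b"\x00" * 16  # constructed
SAMPLE = [
    (0, CLIENT, CPORT, SERVER, 4500, IKE),      # tunnel setup
    (5, CLIENT, CPORT, SERVER, 4500, ESP),      # tunnelled traffic
    (20, SERVER, 4500, CLIENT, CPORT, b"\xff"), # keepalive during the session
    (40, CLIENT, CPORT, SERVER, 4500, IKE),     # last IKE exchange (disconnect)
] + [(t, SERVER, 4500, CLIENT, CPORT, b"\xff") for t in range(60, 181, 20)]

if __name__ == "__main__":
    for peer, n in orphaned_keepalives(SAMPLE, SERVER).items():
        print(f"{peer[0]}:{peer[1]} received {n} keepalives with no live SA traffic")
```

To use it on a real capture, export the UDP 4500 packets (timestamp, endpoints, payload bytes) into the tuple format above.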