Possible causes for this are usually
a> L2TP based VPN client (or VPN server) is behind NAT.
b> Wrong certificate or pre-shared key is set on the VPN server or client
c> Machine certificate or trusted root machine certificate is not present on the VPN server.
d> Machine Certificate on VPN Server does not have 'Server Authentication' as the EKU
Now please make sure correct certificate is used both on client and server side. In case Pre Shared Key (PSK) is used, make sure the same PSK is configured on the client and the VPN server machine.
 
Have you tried looking at the permissions? Under the Dial-In properties section of a user's account, the control access through remote access policy option must be checked under the Remote Access Permissions (dial-in or VPN) section.
 
Have you checked your port settings and protocols?  If so can you provide an example or screenshot.