Yes, the router(s) has(have) public IPs. Unfortunately I can't reset the remote router on the mobile side because otherwise I'll lose the connection.
I disabled the IPSec and scanned the ports and protocols. The result shows that port 500 and 4500 are closed and protocols 50 and 51 are open (any response in any protocol from target host).
Then I explicitly forwarded the router port 500 to port 500 and scanned it, but the port remained closed.
When I enabled the IPSec again, the scanning results show that there are services listening on ports 500 and 4500. Correspondingly, protocols 50 and 51 gave no response.
I'm no expert, so this is the best I can do. The mobile operator doesn't recommend anything either. When I configured the IPSec for the first time two years ago there was no problem. Now this seems impossible to make work.