There are three tools that can (according to a CCIE friend of mine) solve any networking-related problems: GRE tunnels, PBR and VRFs. The solutions to the L2TP default routing challenge nicely prove this hypothesis; most of them use at least one of those tools.

Policy-based routing on virtual template interface. Use the default route toward the Internet and configure PBR with set default next-hop on the virtual template interface. The PBR is inherited by all virtual access interfaces, ensuring that the traffic from remote sites always passes the network core (and the firewall, if needed).

Virtual template and core interfaces in a VRF. Use Multi-VRF (formerly known as VRF Lite) to separate LAC-LNS routing from inter-site routing. Keep LAC-LNS traffic in global table and assign the virtual template and the core LAN interface to a VRF.

L2TP interface in the VRF. In recent IOS releases L2TP is VRF-aware, allowing you to turn around the previous solution: LAC-LNS traffic uses VRF routing, inter-site traffic uses the default IP routing table. This solution is better, as it allows you to manage the LNS through the global IP routing table (in the previous solution you’d have to make all network management services as well as AAA VRF-aware).

Get more-specific LAC routing from the Service Provider. In the ideal world you’d be working with a Service Provider that understands your needs and sends you LAC IP addresses in a BGP session. I loved this solution, as it’s clean, easy to understand and scalable ... it just requires a knowledgeable Service Provider.

Dual LNS. Use an outside and an inside LNS. The outside LNS (using default routing toward the Internet) receives an L2TP session from LAC and propagates it to inside LNS (using default routing toward network core).

I’d like to thank everyone who replied; you’ve yet again proven that you’re a special audience. Special thanks go to Robert (for solving the problem with BGP), Nitzan (for pointing out yet another IOS feature I was not aware of) and Christoph (for a creative use of multi-hop L2TP).