I think I might have found the issue and it isn't pretty.
Encryption Method
Client VPN uses the L2TP/IP protocol, with 3DES and SHA1 respectively as the encryption and hashing algorithms. As a best practice, the shared secret should not contain any special characters at the beginning or end.
from
My Shared Secret has a special character as described and was chosen by a Cisco certified partner 4 years ago. I will test this after hours soon . If this is the issue this means we have to touch every device with a VPN client unless someone knows another way.