I don't know if it's applicable to Comcast, but check your ISP doesn't do Carrier Grade NAT (CG-NAT). That will prevent you from initiating inbound connections. If you're manual port forwarding for your site-to-site, double check there's no port overlaps. Site-to-site and Client VPN Port Overlap with Manual port Forwarding rules - Cisco Meraki
... View more