This is quite a complex setup.  You could spend a lot of time on this and may never get it resolved.   Personally, I would buy a VMX-S. https://meraki.cisco.com/product/security-sd-wan/virtual-appliances/vmx-small/  This will be tremendously simpler, and you can get it working. ... View more

I have this same scenario,  but I can't seem to get it to work - any help for me? ... View more

I don't know if it's applicable to Comcast, but check your ISP doesn't do Carrier Grade NAT (CG-NAT). That will prevent you from initiating inbound connections.   If you're manual port forwarding for your site-to-site, double check there's no port overlaps. Site-to-site and Client VPN Port Overlap with Manual port Forwarding rules - Cisco Meraki ... View more