Has anyone heard of this actually happening? Googling it brings up a fair amount of armwaving about this topic circa 2002, but nothing recently.
I have a client with this service at their remote office; their previous IPSec setup was flakey and we replaced their firewalls on both ends with new equipment, but when I installed this I've noticed that the tunnel cannot be brought up with requests from their home office -- it appears that the ISAKMP packets originating in the home office simply go nowhere.
But if the tunnel is brought up with keying initiated at the remote office, it works just fine. We verified this behavior by building a second tunnel to the remote office from our office.
I can only think of two explanations for this phenomena: Comcast is deliberately blocking inbound ISAKMP packets to mangle IPSec tunnels, or the cable modem itself has some filtering enabled, blocking these inbound packets.