I successfully configured a new Archer C2300 for my home internet to replace an older Dlink which did not support 802.11ac. Wifi calling over Xfinity internet did not work until I enabled Advanced - NAT Forwarding - ALG - IPsec Passthrough. See the diagram below. Note, there is an FAQ dated 5/16/2022 saying to create virtual servers for IKEv2 (port 500) and NAT-T (port 4500), which also works for wifi calling, but these virtual servers are not needed. I guess wifi calling would have worked from the beginning if I left the default settings of all ALG enabled, but more security is better than more functionality by default.