Hello Ed!
If everything else is configured correctly, it is probably failing the DTLS handshake between the client and the Gateway. If you record a Wireshark trace, you can see constant "Client Hello" packets from your client without an answer from the Gateway. Please take a look at the following registry value on the Gateway for the list of the allowed ciphers:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
Value: Functions
You either need to add the missing ones which are supported by your client, or completely get rid of the "Functions" value (and reboot the Gateway).
All the best,
Milan
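
The check described in the reply above, as an added PowerShell example (not part of the original post) to run on the Gateway: it reads the "Functions" value and compares it with the suites the client offers. The function name `Compare-GatewayCipherPolicy` and the client suite list are assumptions made for illustration; replace the sample list with the names shown in the "Client Hello" of your own trace.

```powershell
# Policy location quoted in the post above.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

# Hypothetical helper: compares the Gateway's allowed list with the client's offer.
function Compare-GatewayCipherPolicy {
    param(
        [Parameter(Mandatory)] [string[]] $ClientSuites,
        [string] $Path = $PolicyKey
    )
    $item = Get-ItemProperty -Path $Path -Name 'Functions' -ErrorAction SilentlyContinue
    if (-not $item) {
        # The "Functions" value from the post is not set on this machine.
        return [pscustomobject]@{ PolicyPresent = $false; Allowed = @(); Common = @(); ClientOnly = @() }
    }
    # The value may be one comma-separated string or a multi-string; normalise both.
    $allowed = @($item.Functions) | ForEach-Object { $_ -split ',' } |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    [pscustomobject]@{
        PolicyPresent = $true
        Allowed       = @($allowed)
        Common        = @($ClientSuites | Where-Object { $allowed -contains $_ })
        ClientOnly    = @($ClientSuites | Where-Object { $allowed -notcontains $_ })
    }
}

# Constructed sample: suite names as read from the client's "Client Hello" in the trace.
$clientHello = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA'
)

$result = Compare-GatewayCipherPolicy -ClientSuites $clientHello
if (-not $result.PolicyPresent) {
    'No "Functions" policy value on this Gateway.'
} elseif ($result.Common.Count -eq 0) {
    'No client suite is in the policy list. Client suites missing from it:'
    $result.ClientOnly
} else {
    'Suites both sides allow:'
    $result.Common
}
```

An empty overlap matches the symptom in the trace: repeated "Client Hello" packets with no answer from the Gateway.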