After digging into this some more I narrowed down that if I disabled the firewall rules then all worked. I wasn't understanding why this was not working until I decided to look again at what policies where being applied to the machine. I had the policy that was allowing era to be the only thing allowed through. I was able to successfully add the wsus port and remote IP to the rules and wa la. (all is working). Sorry for posting something that was actually my fault from implementing. For future people reading, keep in mind to turn off your rules as a test to see if these are causing issues, if so look at all your policies being applied to see what is assigning rules. And check your client to see what settings have been applied.