A 521 means your origin server refused the connection. Cloudflare can connect from a variety of IP addresses, so because you see this from one ISP and not another just means that different IP addresses are being used.
Check your list again carefully against https://www.cloudflare.com/ips-v4 and I think you’ll notice a range is missing. Once you have all of the IP addresses set correctly, test again - if it still happens, you’ll need to check the error logs of your web server or firewall to understand why your origin is resetting the connection. You can also run a PCAP to confirm the existence of the RST packet itself - but knowing what is doing it is something you’d need to investigate within the origin network / firewalls.