Outbound SIP traffic: How to
What is the correct way to configure NAT and FW for outbound SIP from a SIP server?
Right now I have no problem with the call setup. When the server performs the call setup the outbound SIP traffic establishes a UDP state which allows the SIP replies from the remote server… then the RTP stream starts up and the lack of continued UDP traffic allows the UDP state to expire, so when the remote servers attempt to tear the calls the packets end up in the fail logs. Due to the dynamic nature of the source port you can't set a static forward rule. The call gets torn down anyway 30 seconds after the RTP stream ends... assuming that remote server was trying to say BYE. There are cases where it might be trying to say something else, at which point bad things start to happen. I've just gotten fed up with it only working 98% of the time.
It was necessary to force the trunks to use a static SIP server port. The phones can be dynamic but the trunks need to be static.
Then I just used an alias for the providers IP blocks - they have 10 C-blocks - and an alias for VoIP port ranges (5060 and 10000-20000).
Then set up symmetric NAT, meaning, equivalent inbound and outbound mapping rules, except the outbound is 5060 only where as the inbound uses the alias.
A lot of the problem was actually the provider. They replied to the dynamic port during call setup, but for tear down they were sending the BYE to 5060.