I am having a whole load of trouble with a Cisco router as the IOS firewall inspection doesn't work well with NAT (it wants to translate the source port of my phone's SIP port to a random port from 1024 up, and RTP ports to a similarly random source port). The problem is the inspection mechanism is punching holes as if NAT isn't there (so it's punching a hole for 5060 on the public IP where there is no active NAT translation rule).
I can work around this by creating static NAT entries for 5060 and 16384 (the phone's default ports), but it's a bit ugly, and this seems to break the SIP inspection, so I need to manually punch a hole to allow my VoIP provider in (otherwise results in one-way audio).
Is there anything else I can do that would help? Vonage use all sorts of stuff to get their devices working over NAT, so is there anything I'm missing here?
BTW, the phone is a Cisco 7912G with SIP. There is an option for outbound proxy, and one for NAT server with some keepalive parameters.