Media Redirection when clients are behind NAT

Everything I’ve been reading seems to indicate that media redirection cannot work unless both endpoints have public IPs, i.e. it won’t work if one of the endpoints is behind NAT, so asterisk must remain in the middle.

To get around this, the best solution would seem to be a sip proxy on the nat side’s gateway’s wan interface. So, instead of:

Client == (NAT/WAN) == Asterisk == (WAN) == Provider

… I’d have:

Client == (NAT) == Sip_Proxy == (WAN) == Asterisk == (WAN) == Provider

In this case, with both the proxy and my provider being on the WAN side of the NAT, the reinvite/rtp_redirection should not be a problem, right?

Am I correct in that this is a reasonable solution, or is there a way that does not involve setting up another point of failure on the local lan, and is similarly relatively straightforward?

You could also put Asterisk in that position.

I’m not actually convinced that you initial hypothesis is right. If it is there would be no point in having both dirctmedia=yes and directmedia=nonat.

However, I doubt that many providers would honour attempts to request direct media, so even a proxy, on the public side, may not help.