I have discovered that there seems to be some confusion as to whether port forwarding TCP/UDP 5060 and UDP 10000/20000 is necessary for asterisk servers behind NAT. The following link seems to indicate that it is not necessary:
And a post in this link states that it is absolutely necessary:
In my current setup, port forwarding on or off has absolutely no effect on behavior. Here is my current setup:
flowroute SIP trunk<—internet—>firewall/router/NAT-----LAN switch<—Asterisk server/Cisco handsets
Any opinions on the necessity of port forwarding for asterisk behind NAT?
Routers that try to be clever with SIP tend to break things. The only way you could use Asterisk without port forwarding is if your router was trying to be clever. That is an unknown quantity.
That could be.
But what’s interesting is, for me, turning SIP Application Layer Gateway on or off, turning Intrusion Prevention System on or off, turning port forwarding on or off, and any combination of the three have absolutely no effect on how calls get in or out of my system.
The router must still be constructing dynamic port forwarding rules.
Also note that your firewall is probably stateful. Which means a SIP packet outbound to UDP/5060 will create a state, and leave that port open for a certain time to get the answer back from the destination.
With a stateless firewall you would see that not forwarding any port inbound to your Asterisk will break things.