Problem with register after moving to production env

Hello,

I would like to register my Asterisk server to SIP provider. I have registered asterisk from testing environment with no problem.

I’ve moved server to production environment, now asterisk cannot register. I have opened UDP and TCP 5060 ports on firewall.

The packet flow looks like:
1.1.1.1 - server
2.2.2.2 - sip provider

1 1.1.1.1 (udp 5060) 2.2.2.2(udp 5060) SIP 591 Request: OPTIONS sip:2.2.2.2
2 2.2.2.2(udp 5060) 1.1.1.1(udp 16184) SIP 435 Status: 200 OK
3 1.1.1.1 2.2.2.2 ICMP 463 Destination unreachable (Port unreachable)

Don’t know why server is sending OK packet on 16184 UDP port, server doesn’t listing on that port.
Any one have idea? Maybe problem is nat translations?

sip.conf:

[general]
nat=y
register => mylogin:******@sipprovider/mylogin
bindport=5060
bindaddr = 0.0.0.0
insecure = invite,port
externip = my.extern.ip
localnet = my.local.network.ip/my.local.network.mask
tcpenable=yes

[sipprovider]
type=friend
username=mylogin
secret=******
host=provider.ip
fromdomain=provider.ip
insecure=invite,port
dtmfmode=rfc2833
disallow=all
allow=ulaw
qualify=yes
nat=yes
bindport=5060
canreinvite=no

Probably because the router is translating the port number on the outbound request.

There isn’t anything wrong with configuration apart from the usual bad choice of options. I would change type, insecure and nat, but many peole get by with these set badly.