I have an * server at a main site, with several SIP phones attached locally. I have another remote site with only one IAX soft phone. I want the remote IAX softphone to be able to place calls to terminals on the main site. The problem is that both sites sit behind firewalls. I don’t control the firewall at the remote site and I know that it is NAT’ing the softphone’s outbound traffic, i.e. replacing the softphone computer’s IP address with its own and using a different src port.
Via tcpdump, I can see on my * server at my main site the inbound traffic from the soft phone and its replies, but those replies never make it to the softphone PC. I’m assuming that the firewall at the remote site is dropping them (I can’t see since I don’t control it, but I ran tcpdump on the remote computer and saw no inbound traffic from the * server).
What I’m thinking is that the firewall at the remote site needs to have a statement allowing any inbound traffic that comes from my main site with a src port of 4569.
access-list 101 permit udp host x.x.x.x eq 4569 host y.y.y.y
Does that sound reasonable? Or am I missing something? If not, any suggestions?