Hi there!
First of all, I have read many topics about some issues similar to mine; however I haven’t found any one that could help me actually.
At our headquarters we are running the Asterisk server (1.4.22.1), it is behind a firewall. From this firewall, we have created a VPN site-to-site connecting a branch office.
Phones in the main office can register on Asterisk without any problem. These phones are in different subnet than the Asterisk server. At this point, everything is correct.
The problem is the phones at the other side of the VPN. There are 2 clients: a X-lite and a Cisco 7941 running SIP firmware (SIP41.8-5-2S). Before we moved the phones to the branch office, we tested both of them. X-lite and Cisco could register on Asterisk and placed calls while they were in the main office.
But, since we moved those phones to the branch office, registering has been impossible.
The only change that has been made in the phones is the IP (an IP of the network there at the branch office).
This is what I’ve got:
- From Asterisk server we can ping the phones and vice versa.
- Furthermore, the Cisco phone can reach the SEPXXXXXconf.xml from a TFTP here in the main office, so I think IP communication is not a problem. The VPN tunnel is working.
- We also opened all ports between hosts. Consequently, firewalls in the middle of the communication should not be a problem. Port UDP/5060 is open.
I ran out of ideas… 
I do not know what else can be.
I would appreciate A LOT, any idea that anyone could bring.
If you need any additional information about configurations, please let me know.
Thank you so much and have a good day all!