When you say “sending traffic on UDP port” are the ports 5069 and 5072 the SOURCE or DESTINATION of the traffic?
The ports you setup applies only to the Asterisk side of things. Asterisk will send RTP traffic, to whatever port the sender requests with SDP.
That is, if I configure my Asterisk to use ports 2000 for RTP, and you setup yours to use 4000, the traffic you see on your Asterisk will have port 2000 as source and 4000 as destination for inbound traffic, and the reverse for outbound.
The problem is on how we can prove that it was our Voicebot Provider that sent the traffic using WireGuard and AYIYA protocols because we can’t find any PCAP that shows:
Src: Voicebot SBC
Dst: ASTERISK Server