It may be required to open TCP port 5060 on your firewall for incoming/outgoing connections. UDP ports 10000 to 20000 also needs to be open.
By default Cisco enables SIP ALG (i.e. sip helper to accommodate NAT issues). It makes things worse it must be disabled for a proper functioning PBX behind NAT. The same applies when using hosted.
Make sure there is no access-list accidentally blocking traffic.
the command to use is: “no ip nat service sip udp 5060” that is usually enough to solve it. The SIP REGISTRATION does succeed do not be fooled by that: if you cannot dial in but you can dial out then SIP ALG is incorrectly active.
You can safely allow all udp traffic from your SIP provider to your internal PBX
There is an odd behaviour with these firewalls/modems (29xx series): you do have signaling (i.e. phones rings etc.) but you will have no audio when the option smart routing is on in the menu extensions and you dial a phone in the same NAT'ed LAN. So when you use these drayteks with our hosted platform then switch off smart routing.
The Smart routing option forces local traffic not to go through your WAN when you make calls to devices in the same NAT'ed LAN, this saves a lot of bandwidth when you only have ADSL.
Model P-2602: Turn off SIP ALG