IP Phone behind a router

I have a Asterisk box at a public IP (203.250.x.y). I also have a Cisco IP Phone (7940 series) being set up behind a router at 203.250.x.z. I set a static private IP (192.168.1.x) for that phone and set some NAT forwarding rules (port ranges: 5060 - 5061 and 10000 - 20000 according to my Asterisk box) on the router. The phone gets connected and successfully registered SIP configuration.
For testing purpose, I installed a X-Lite soft phone on my computer (at a public IP) and configured another SIP account for the soft phone.

The problem is that the Cisco phone CAN send data out but CANNOT receive data in. That means, it can make a call to my soft phone and on my soft phone I can hear sounds. But in the reverse path, I cannot hear any sounds on the Cisco phone, also I cannot make calls from the soft phone to the Cisco phone.
Note: If I set a public IP for the Cisco phone, the problem will not occur.

Could any one give me some advices?

The cisco you use is quirky ( read bug ridden) , don’t try and “qualify” it.

I think the problem is because of some kinds of ‘firewall’ or ‘NAT forwarding’ but cannot figure it out.

Then start with the wiki and google if that’s what you think, but as I suggested maybe first set qualify=no on the extension first.

Dicko is right, the ancient Cisco phones had lot’s of SIP bugs and hacks were put in Asterisk to make it work.

It’s a real poor choice for a phone behind NAT as it seems to struggle figuring out it’s outside IP, hence as you indicated it sends your private IP in the SDP message.

Frankly, there are so many phones that work behind NAT I would not bother with the 79x0 series or any Cisco 79xx phone.

If you are dead set on making it work you will need a VPN.