Port 5060 - Remote Ext

I am trying to setup a new remote extension.

I have already covered the security issues. Firewall is tight / Fail2Ban cranked up and many of the ext running deny/permit - all password over 20chars.

I setup port forwarding on firewall for ports 5060, 11000-20000(i ranged rtp port to start at 11000)

Ext. is set for NAT

So, jump forward - I am at the remote site last night - I goto add an Aastra 6739i unit was just factory reset. - Plug in the line 1 proxy server/port and register server/port

watching our cli (remote desktop) - i see the ext show now reachable
placed test call in and out - no audio - while i was checking setting in gui the other person there rebooted the phone - no big deal - i see the cli show the ext drop then come back up - but now it will not dial at all just call fail and when calling in goes to vm.

I checked nmap does not show the 5060 is open - it is forwarded on the router though - is this an issue as all of our int phones work and any additional input to why this ext is not working?

thanks

Aastra remote NAT support I have found is poor. Can you use a VPN?

5060 is UDP, I don’t think NMAP shows UDP.

nmap has a switch, -sU , for udp scans.

it shows 5060 is open but filtered - make any difference

Thats disappointing - I have come to really like Aastra phones - What phones are good for remote nat?
As far as VPN goes - It is possible but we would need to do some upgrades here and at the remote site, there is no way aastra has any direct vpn connection options in the phones is there? or just add vpn router / endpoint to site?