Problem w/ remote extension... 1way audio on gxp2000

I have elastix pbx set up (freepbx 2.3.1.5) and running with no problems and have 3 grandstream gxp2000 phones to test with. The way it's set up now, Elastix is sitting behind a symantec firewall/vpn 200 appliance.

Symantec Appliance
10.25.18.0/255.255.255.0
Ports 5004-20000 UDP forwarded to elastix 10.25.18.60
2 VPN Tunnels to 10.25.19.0/255.255.255.0 & 10.25.20.0/255.255.255.0

I'm using voicepulse as my provider and I used their freepbx module to get everything set up and activated, and it's registered and I can make and receive calls. I have 2 grandstream gxp2000 phones inside this network (one at 10.25.18.80 and the other at 10.25.18.81) and they are registered and I can make and receive calls using them with no problems.

I'm trying to set up the third gxp2000 phone at one of the remote sites that's connected thru VPN to the elastix site. So I configured the phone with 10.25.19.80/255.255.255.0
I changed the sip.conf file and this is what it now looks like (/var/www/html/admin/modules/core/etc/sip.conf):

bindport = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0 ; Address to bind to (all addresses on machine)
externip=elastix.rrwds.net
localnet=10.25.18.0/255.255.255.0
nat=Yes,true,y,t,1,on
qualify=yes
canreinvite=yes
disallow=all
allow=ulaw
allow=alaw

The remote phone is connecting to elastix.rrwds.net and it registers and you can call it and it rings, but you only hear 1way audio. You can hear the caller on the phone but the calling party can't hear the person on the remote phone. I looked in debug and it's calling and ringing and I don't see errors, but I'm not sure what I'm looking for. I've set the phone to connect to 10001 on the rtp because it had the local rtp port set to 5004. It used to not have any audio until I changed that setting. I've checked the phone, and for the “Use NAT IP” I set the phone's IP address in there. As shown below…

local RTP port: 10001 (1024-65535, default 5004)
Use random port: No
keep-alive interval: 20 (in seconds, default 20 seconds)
Use NAT IP: 10.25.19.80 (if specified, this will be used in SIP/SDP message)
STUN server: (URI or IP:port)

What is possibly wrong? Should I change the elastix.rrwds.net to the public IP? We have dynamic dns and I have a dynamic address from no-ip.com for the public ip, but since the sites are connected thru VPN it shouldn't have to use the public ip address.

You will find a document for how to set up a remote extension which covers all of this along with all the steps needed to correct it.

http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension

It still does 1way audio. I have the extension set up correctly. For test's sake I placed the phone in the dmz and rebooted it and that fixed it. For some reason the router isn't allowing the phone to pass thru or it's blocking it. The site is connected via VPN back to the central office where the VOIP server is, but it's not allowing the phone to pass thru fully.

How do I go about getting this fixed, as I need to set up 2 or 3 phones total in this site and I can only place 1 phone in the DMZ? I've been reading about having to use a STUN server, but I've also read they don't always fix the problem.

You should NOT need a STUN server. You have missed something in your setup. Either in the extension and enabling NAT for it, the firewalls involved and opening & forwarding UDP (NOT TCP) ports needed, or missing something in the SIP NAT settings so that it knows what is internal and what is external.

In that you have provided nothing to look at or review it’s like shooting in the dark for the target. For a faster response try the IRC channel but first thing everybody will ask is to see all the things you have done so be prepared.

FYI: Some Routers that do VPN also firewall the VPN so you need to tell it what ports to forward on. Please double check that.
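
Added example (not part of any post in this thread, and not FreePBX or Asterisk code): a simplified model of how the localnet and externip settings posted above decide what is treated as internal and what as external, run against the phone addresses from the thread. It assumes the remote phone reaches the PBX through the tunnel with its 10.25.19.80 source address; the WITH_VPN variant and the function names are hypothetical.

```python
import ipaddress

# sip.conf settings as posted in the thread (copied from the page)
POSTED = """\
bindport = 5060 ; Port to bind to (SIP is 5060)
externip=elastix.rrwds.net
localnet=10.25.18.0/255.255.255.0
"""

# Assumed variant: the two VPN subnets named in the thread added as localnet
WITH_VPN = POSTED + """\
localnet=10.25.19.0/255.255.255.0
localnet=10.25.20.0/255.255.255.0
"""

def parse(conf):
    """Return (externip, [localnet networks]) from sip.conf-style text."""
    externip, nets = None, []
    for line in conf.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "localnet":
            # ipaddress accepts the address/netmask form used in sip.conf
            nets.append(ipaddress.ip_network(value, strict=False))
        elif key.lower() == "externip":
            externip = value
    return externip, nets

def advertised_to(conf, peer_ip):
    """Which address the PBX would place in SIP/SDP sent to peer_ip."""
    externip, nets = parse(conf)
    addr = ipaddress.ip_address(peer_ip)
    # The external address is substituted only when both settings exist
    # and the peer is outside every localnet entry.
    if not externip or not nets or any(addr in n for n in nets):
        return "local"          # PBX advertises its own LAN address
    return externip             # PBX advertises the external address

if __name__ == "__main__":
    for phone in ("10.25.18.80", "10.25.19.80"):
        print(phone, "posted:", advertised_to(POSTED, phone),
              "| with VPN subnets:", advertised_to(WITH_VPN, phone))
```

With the posted settings the phone at 10.25.19.80 is classed as external, so media offered to it points at the public address instead of 10.25.18.60 across the tunnel.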