You need to fully explain your “2 router” setup. Chances are you have a fundamental design flaw in your network.
NAT=1 is not a valid setting.
Below is the documentation on Asterisk and NAT, Please not lines 721 and 722, it does not mention trying random settings you found on a post somewhere.
;----------------------------------------- NAT SUPPORT ------------------------
720 ;
721 ; WARNING: SIP operation behind a NAT is tricky and you really need
722 ; to read and understand well the following section.
723 ;
724 ; When Asterisk is behind a NAT device, the "local" address (and port) that
725 ; a socket is bound to has different values when seen from the inside or
726 ; from the outside of the NATted network. Unfortunately this address must
727 ; be communicated to the outside (e.g. in SIP and SDP messages), and in
728 ; order to determine the correct value Asterisk needs to know:
729 ;
730 ; + whether it is talking to someone "inside" or "outside" of the NATted network.
731 ; This is configured by assigning the "localnet" parameter with a list
732 ; of network addresses that are considered "inside" of the NATted network.
733 ; IF LOCALNET IS NOT SET, THE EXTERNAL ADDRESS WILL NOT BE SET CORRECTLY.
734 ; Multiple entries are allowed, e.g. a reasonable set is the following:
735 ;
736 ; localnet=192.168.0.0/255.255.0.0 ; RFC 1918 addresses
737 ; localnet=10.0.0.0/255.0.0.0 ; Also RFC1918
738 ; localnet=172.16.0.0/12 ; Another RFC1918 with CIDR notation
739 ; localnet=169.254.0.0/255.255.0.0 ; Zero conf local network
740 ;
741 ; + the "externally visible" address and port number to be used when talking
742 ; to a host outside the NAT. This information is derived by one of the
743 ; following (mutually exclusive) config file parameters:
744 ;
745 ; a. "externaddr = hostname[:port]" specifies a static address[:port] to
746 ; be used in SIP and SDP messages.
747 ; The hostname is looked up only once, when [re]loading sip.conf .
748 ; If a port number is not present, use the port specified in the "udpbindaddr"
749 ; (which is not guaranteed to work correctly, because a NAT box might remap the
750 ; port number as well as the address).
751 ; This approach can be useful if you have a NAT device where you can
752 ; configure the mapping statically. Examples:
753 ;
754 ; externaddr = 12.34.56.78 ; use this address.
755 ; externaddr = 12.34.56.78:9900 ; use this address and port.
756 ; externaddr = mynat.my.org:12600 ; Public address of my nat box.
757 ; externtcpport = 9900 ; The externally mapped tcp port, when Asterisk is behind a static NAT or PAT.
758 ; ; externtcpport will default to the externaddr or externhost port if either one is set.
759 ; externtlsport = 12600 ; The externally mapped tls port, when Asterisk is behind a static NAT or PAT.
760 ; ; externtlsport port will default to the RFC designated port of 5061.
761 ;
762 ; b. "externhost = hostname[:port]" is similar to "externaddr" except
763 ; that the hostname is looked up every "externrefresh" seconds
764 ; (default 10s). This can be useful when your NAT device lets you choose
765 ; the port mapping, but the IP address is dynamic.
766 ; Beware, you might suffer from service disruption when the name server
767 ; resolution fails. Examples:
768 ;
769 ; externhost=foo.dyndns.net ; refreshed periodically
770 ; externrefresh=180 ; change the refresh interval
771 ;
772 ; Note that at the moment all these mechanism work only for the SIP socket.
773 ; The IP address discovered with externaddr/externhost is reused for
774 ; media sessions as well, but the port numbers are not remapped so you
775 ; may still experience problems.
776 ;
777 ; NOTE 1: in some cases, NAT boxes will use different port numbers in
778 ; the internal<->external mapping. In these cases, the "externaddr" and
779 ; "externhost" might not help you configure addresses properly.
780 ;
781 ; NOTE 2: when using "externaddr" or "externhost", the address part is
782 ; also used as the external address for media sessions. Thus, the port
783 ; information in the SDP may be wrong!
784 ;
785 ; In addition to the above, Asterisk has an additional "nat" parameter to
786 ; address NAT-related issues in incoming SIP or media sessions.
787 ; In particular, depending on the 'nat= ' settings described below, Asterisk
788 ; may override the address/port information specified in the SIP/SDP messages,
789 ; and use the information (sender address) supplied by the network stack instead.
790 ; However, this is only useful if the external traffic can reach us.
791 ; The following settings are allowed (both globally and in individual sections):
792 ;
793 ; nat = no ; Default. Use rport if the remote side says to use it.
794 ; nat = force_rport ; Force rport to always be on.
795 ; nat = yes ; Force rport to always be on and perform comedia RTP handling.
796 ; nat = comedia ; Use rport if the remote side says to use it and perform comedia RTP handling.
797 ;
798 ; 'comedia RTP handling' refers to the technique of sending RTP to the port that the
799 ; the other endpoint's RTP arrived from, and means 'connection-oriented media'. This is
800 ; only partially related to RFC 4145 which was referred to as COMEDIA while it was in
801 ; draft form. This method is used to accomodate endpoints that may be located behind
802 ; NAT devices, and as such the port number they tell Asterisk to send RTP packets to
803 ; for their media streams is not actual port number that will be used on the nearer
804 ; side of the NAT.
805 ;
806 ; In addition to these settings, Asterisk *always* uses 'symmetric RTP' mode as defined by
807 ; RFC 4961; Asterisk will always send RTP packets from the same port number it expects
808 ; to receive them on.
809 ;
810 ; The IP address used for media (audio, video, and text) in the SDP can also be overridden by using
811 ; the media_address configuration option. This is only applicable to the general section and
812 ; can not be set per-user or per-peer.
813 ;
814 ; media_address = 172.16.42.1
815 ;
816 ; Through the use of the res_stun_monitor module, Asterisk has the ability to detect when the
817 ; perceived external network address has changed. When the stun_monitor is installed and
818 ; configured, chan_sip will renew all outbound registrations when the monitor detects any sort
819 ; of network change has occurred. By default this option is enabled, but only takes effect once
820 ; res_stun_monitor is configured. If res_stun_monitor is enabled and you wish to not
821 ; generate all outbound registrations on a network change, use the option below to disable
822 ; this feature.
823 ;
824 ; subscribe_network_change_event = yes ; on by default
825
826 ;----------------------------------- MEDIA HANDLING --------------------------------
827 ; By default, Asterisk tries to re-invite media streams to an optimal path. If there's
828 ; no reason for Asterisk to stay in the media path, the media will be redirected.
829 ; This does not really work well in the case where Asterisk is outside and the
830 ; clients are on the inside of a NAT. In that case, you want to set directmedia=nonat.
831 ;
832 ;directmedia=yes ; Asterisk by default tries to redirect the
833 ; RTP media stream to go directly from
834 ; the caller to the callee. Some devices do not
835 ; support this (especially if one of them is behind a NAT).
836 ; The default setting is YES. If you have all clients
837 ; behind a NAT, or for some other reason want Asterisk to
838 ; stay in the audio path, you may want to turn this off.
839
840 ; This setting also affect direct RTP
841 ; at call setup (a new feature in 1.4 - setting up the
842 ; call directly between the endpoints instead of sending
843 ; a re-INVITE).
844
845 ; Additionally this option does not disable all reINVITE operations.
846 ; It only controls Asterisk generating reINVITEs for the specific
847 ; purpose of setting up a direct media path. If a reINVITE is
848 ; needed to switch a media stream to inactive (when placed on
849 ; hold) or to T.38, it will still be done, regardless of this
850 ; setting. Note that direct T.38 is not supported.
851
852 ;directmedia=nonat ; An additional option is to allow media path redirection
853 ; (reinvite) but only when the peer where the media is being
854 ; sent is known to not be behind a NAT (as the RTP core can
855 ; determine it based on the apparent IP address the media
856 ; arrives from).
857
858 ;directmedia=update ; Yet a third option... use UPDATE for media path redirection,
859 ; instead of INVITE. This can be combined with 'nonat', as
860 ; 'directmedia=update,nonat'. It implies 'yes'.
861
862 ;directrtpsetup=yes ; Enable the new experimental direct RTP setup. This sets up
863 ; the call directly with media peer-2-peer without re-invites.
864 ; Will not work for video and cases where the callee sends
865 ; RTP payloads and fmtp headers in the 200 OK that does not match the
866 ; callers INVITE. This will also fail if directmedia is enabled when
867 ; the device is actually behind NAT.
868
869 ;directmediadeny=0.0.0.0/0 ; Use directmediapermit and directmediadeny to restrict
870 ;directmediapermit=172.16.0.0/16; which peers should be able to pass directmedia to each other
871 ; (There is no default setting, this is just an example)
872 ; Use this if some of your phones are on IP addresses that
873 ; can not reach each other directly. This way you can force
874 ; RTP to always flow through asterisk in such cases.
875
876 ;ignoresdpversion=yes ; By default, Asterisk will honor the session version
877 ; number in SDP packets and will only modify the SDP
878 ; session if the version number changes. This option will
879 ; force asterisk to ignore the SDP session version number
880 ; and treat all SDP data as new data. This is required
881 ; for devices that send us non standard SDP packets
882 ; (observed with Microsoft OCS). By default this option is
883 ; off.
884
885 ;sdpsession=Asterisk PBX ; Allows you to change the SDP session name string, (s=)
886 ; Like the useragent parameter, the default user agent string
887 ; also contains the Asterisk version.
888 ;sdpowner=root ; Allows you to change the username field in the SDP owner string, (o=)
889 ; This field MUST NOT contain spaces
890 ;encryption=no ; Whether to offer SRTP encrypted media (and only SRTP encrypted media)
891 ; on outgoing calls to a peer. Calls will fail with HANGUPCAUSE=58 if
892 ; the peer does not support SRTP. Defaults to no.
893