    Hey gents,

    I am in exactly the same situation as yaplej in this thread:

    With a critical difference:
    I'm using the phone over a VPN, and I can see all traffic getting through, etc, but I know the phone IS NATted.

    For reasons that are obscenely complicated, I can't currently un-NAT the phone. I've added both the phone's IP address and the IP address of the NATting device to the IP address range for the switch.

    I've checked the packets going by [Oh Windump, my new love] along the way and what I see is the phone talking to the server just fine, doing it's FTP thing, etc, but then trying to contact the switch (A UDP packet sent from 2427 on the phone to 2727 on the switch) and no reply from the switch.

    This is true both on the hop just before the phone (inside the NAT) and on the VPN link (before/outside the NAT). The switch just doesn't appear to be replying, or if it is, it can't get to the VPN, much less to the NATting device!

    I can ping the switch just fine, though.

    The phone is in the list of phones at that site, but is listed as out of service. (I'm guessing this just means that the server wants it to go to that site - not that the phone and the site have had any interaction at all)

    Just wondering if anyone has any suggestions - Knowing that I'm NATted, is there anything that can be done?

    If packets are getting eaten/ignored on their way back from the switch, it's not happening when they hit the NAT.

    Are the switches capable of any diagnostic behavior, etc?

    Thanks for your time. Any information, thoughts, or further troubleshooting steps would all be appreciated.