Hi everyone

Hope I placed this correctly, as it is a mix of VOIP/SIP/general issues.

We have an internal SIP PBX (Innovaphone) and want to connect SIP-Smartphone Clients through the Internets. There's a Static NAT for the PBX.
The problem now is, that there are two NATs involved; one from the smartphone either being behind a router or being NATed by the 3G telephone provider, and one from our R75 Firewall (no VOIP blade or SIP protection or anything).

Are there any best practices for this? The PBX admin said we should either use VPN Clients (L2TP comes to my mind when dealing with Androids and iPhones) oder a SIP-NAT (whatever that is).

If we use the public IP in the SIP-Client, the PBX logs that it has no binding for that address. If we use the internal IP (with the external Adress as the SIP-Proxy) IP, the client somehow also sends its internal IP and the PBX starts sending traffic to that IP, which ofc never reaches the smartphone.

Here's a small sketch: