I recently replaced a Cisco router with a Mikrotik, where the cisco had a NAT rule as follows:
udp inside private_ip 5060 external_ip 5060
After replacing it with a Mikrotik that had an appropriate inbound NAT rule on port 5060, we only had on-way audio (if I made a call from outside, I could head them, but they could not hear me). The solution was to add an outbound NAT rule above the default outbound NAT rule to make sure the source port for outbound packets remained at 5060. e.g. the required NAT rules (and ordering) are as follows:
| Purpose | Original Destination | Translated Destination | Original Source | Translated Source |
|---|---|---|---|---|
| Destination NAT for inbound SIP connections | router_public_ip:5060 | sip_server_private_ip:5060 | Internet | Unchanged |
| Source NAT for outbound SIP traffic | Internet | Unchanged | sip_server_private_ip:5060 | router_public_ip:5060 |
| Generic NAT for all other internet access | Internet | Unchanged | lan_subnet | router_public_ip |
I don't know how universal this solution is, but it solved the problem immediately for me without having to use a SIP ALG or STUN.