Forwarding/Routing VPN (via NAT)?

HI All!

I’m in a bit of a pickle here:


  • I have 5 cisco phones that I want to connect to a off-site phone server.
  • My ISP blocks port 5060, so I can’t just connect the phones up to a switch and forget about it, so i looked in to getting the GL-MT300N-V2 to use a VPN tunnel to connect to the server.
  • VPN Tunnel has a dedicated IP and forwards all ports, when I check via pc the IP shows up good and all.

No the fun starts:
After I connect the phone it stays in a Register Loop, and it also can not connect to a external TFTP server. So I started searching for the problem. After a few days I’ve just found it, however I do not know how to solve the problem:

As you can see in the image above the phone can connect out to the server, no problems at all, however the server replies to the internal IP of the tunnel, instead of the ip of the phone. To me this looks like a (double) NAT issue, however I can not find a way around it by static routes or firewall forwarding. That said, I’m definitely not very skilled at firewall and static route configuration so I hope you guys can help me out with this one!

Let me know if and what other information you need!

Big thanks in advance,
Best Regards,

@kyson-lok can you have a check of this about static route?

Is the network topology looks like this one?

It seems that it is fine.

What do you want to do with static route? So I can give your the specified instruction.