I have a problem with VOIP phone users split over two network segments. I have installed 3CX server version 6.0.612, and previously tried with version 5.1 with the same results. Segment 1 which I will call the "protected" network also houses the 3CX server. This is a 192.168.38.x network with the 3CX server on 192.168.38.1. All voice users on this network have no problems with their voice calls. Segment 2, which I will call the "DMZ has more phone users. This is a 10.1.1.x network Between these two segments is a firewall, with an separate NIC interface on each of the segments. The firewall's two interfaces for the respective networks are 192.168.38.15 and 10.1.1.254 There is no port restrictions going from the "protected" network to the "DMZ" network In my frustration to resolve the problem, I have now opened ports 500 through to 35000 for both TCP and UDP from the "DMZ" to the 3CX server on the "protected" network, with the intention of closing this down once the system worked. VOIP callers within the "protected" network can make calls to each other without problem VOIP callers on the "protected" network can call users on the "DMZ", the receiving rings, but with audio only in the outbound direction VOIP callers on the "DMZ" cannot call anyone, as the 3CX server terminates the calls immediately and creates the log errors which I have attached below I have tried using both the 3CX software client, and Linksys SPA942 phones - both respond the same way. It would be my hope to use SPA942's going forward rather than the software client. Note that both devices register without problem on the 3CX server from the DMZ I have configured both "DMZ" client devices with the SIP server being 10.1.1.254, which is the firewall NIC. This is forwarded to the 3CX server on the "protected" network. Note in the log below, EXT 10 is on 10.1.1.68 and 12 is on 192.168.38.88. I note that the logs don't show this correctly as they show EXT 12 being on the NIC of the firewall 9:09:18.281 Call::Terminate [CM503008]: Call(6): Call is terminated 19:09:18.281 CallCtrl:nIncomingCall [CM502001]: Source info: From: 6; To: [sip:email@example.com];tag=1477d8e5422ef023o0"12"[sip:firstname.lastname@example.org] 19:09:18.281 CallCtrl:nIncomingCall [CM503013]: Call(6): Incoming call rejected, caller is unknown; msg=SipReq: INVITE email@example.com tid=-cca4e797 cseq=INVITE firstname.lastname@example.org:5060 / 102 from(wire) 19:09:17.625 evt::CheckIfAuthIsRequired::not_handled [CM500002]: Unidentified incoming call. Review INVITE and adjust source identification: INVITE sip:email@example.com SIP/2.0 Via: SIP/2.0/UDP 10.1.1.68:5060;branch=z9hG4bK-6ad60ef3 Max-Forwards: 70 Contact: [sip:firstname.lastname@example.org:5060] To: "12"[sip:email@example.com] From: [sip:firstname.lastname@example.org];tag=1477d8e5422ef023o0 Call-ID: email@example.com CSeq: 101 INVITE Expires: 240 Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER Supported: replaces User-Agent: Linksys/SPA942-5.2.8 Content-Length: 0 19:09:17.625 evt::CheckIfAuthIsRequired::not_handled [CM302001]: Authorization system can not identify source of: SipReq: INVITE firstname.lastname@example.org tid=-6ad60ef3 cseq=INVITE email@example.com:5060 / 101 from(wire) Help would be much appreciated, as I have "spent hours going around in circles"