I want to report success setting up 3CX with a Cisco ASA 5505 (version 8.2) without using port forwarding. 3CX version: 8.0.10116.583 Generic SIP provider (http://www.voipvoip.com) using trunking. 3CX PBX private address is 10.0.0.101 (It is worth mentioning that I had some difficulties getting version 7 to work on a PC with two Ethernet interfaces. For the results described here, everything was done here on a different PC with a single Ethernet interface). The Cisco ASA 5505 has SIP ALG support. This is nice because the PBX can protected by the firewall in the ASA. Here are the steps to configure the 3CX: - <settings><network setting> <turn off stun server> - <settings><network setting> <public IP to specify in contact and SDP> = 10.0.0.101 - <Add Voip providers> <advanced> <which IP to use in contact field for registration> = internal No changes to the Cisco ASA configuration (no special NAT rules, no changes to SIP settings, no special firewall rules). Everything worked fine (inbound, outbound and no call drops). This makes sense, because the settings above basically tells 3CX to not worry about NAT. The Cisco ASA with the SIP ALG takes care of all of that, including punching the correct holes for the RTP streams. Please note that the configuration above not allow you to connect using the 3CX tunnel from outside. To do that (if you need to), you need to punch holes through the Cisco ASA. Also, SIP connections are initiated from inside to the VOIP trunking provider (voipvoip.com above). This is not a problem, it is good security. best of luck.