1.Check the configuration and there is no SIP NAT ALG configuration.Confirm with customer and let him enable it.
After enable SIP NAT ALG funtion, both sides cannot hear each other. Let customer capture packets to further analyze.
2.Afte get the pacekts, find the packets from inside PBX server with public address Z.Z.Z.Z with port 4984
After SIP parameter negoiation, IP Phones will communicate with each other using RTP protocol.
When there is no SIP NAT ALG, AR router will change the source IP and source port of RTP traffic and send to SIP Proxy.
The source Port is 10241 and destination port is 8482. The source port is not 4984.
However, when SIP Proxy replied the traffic, it did not know the its destination port is changed because it will reply packets with destination port negoiated in SIP Message which is 4984
When packets arrived on AR router, there is no nat session table for destination port 4984 and the packets will be dropped. That is why inside user cannot hear. But AR can send out the traffic to SIP proxy. there is no problem for ouside user.
3.Based the capture packets, we suggest customer change the configuration on inside PBX. Usually, PBX server should not set the contact IP in SIP Message as Public IP. Let them change it to private IP and enable SIP NAT ALG on AR router. AR router will change the private IP to public one and does not change the port for RTP stream.
4.After change the configuration, the problem is solved.