Hi im racking my head a bit with this one and wondered if someone could shed some light on it for me I've got a juniper firewall in a remote site - its currently got 5 public ip address's. Ive used 3 of these address's to do one to one nat to some sip phones from a sip providers public PBX - that all works fine. The site have got another line in and want to use this other line which has only got one public ip address. Ive been told to sort out full cone nat to allow the sip phones to work via one public ip. This line also has a vpn running down it as well as a default internet connection. I'm a bit puzzled about how to achieve this on - ive read about full cone nat and from what ive read this is generally used to do many internal/ private connection out on a particular port. Im assuming im meant to reverse this so its incoming from the sip providers ip to the 3 sip phones internally. Does this make any sense and is full cone nat the way to go ?