DonGould:sbiddle: but should probably spend the time actually fixing the double NAT problem because it's just bad network design.
Sure. Can you quote me for some public ip space? At $5 an IP it's very expensive.
The real answer is to move to IPv6, but it seems that Cisco don't currently provide v6 firm ware for this stuff.
That's no excuse for double NAT - the SPA should just be behind the first NAT firewall and I see very little reason for the SPA to have a public IP, especially with the security risks of exposing it to the internet, particularly if you don't have source IP restrictions in place for SIP traffic.