Fortigate restrict traffic through one external IP

Posted by Tom O'Connor on Server Fault
Published on 2012-12-19T13:29:14Z Indexed on 2012/12/20 11:04 UTC


I've got a Fortigate 400A at a client's site. They've got a /26 from British Telecom, and we're using 4 of those IPs as a NAT pool.

Is there a way to say that traffic from 172.18.4.40-45 can only ever come out of (and hence go back into) x.x.x.140 as the external IP?

We're having some problems with SIP which looks like it's coming out of one, and trying to go back into another.

I tried enabling asymmetric routing; it didn't work.

I tried setting a VIP, but even when I did that, it didn't appear to do anything.

Any ideas? I can probably post some firewall snippets if need be. Tell me what you want to see.

SIP ALG

config system settings
    set sip-helper disable
    set sip-nat-trace disable
    set sip-tcp-port 5061
    set sip-udp-port 5061
    set multicast-forward enable
end

Interesting Sidenote

VoIP phones, with no special configuration, can register fine with proxy.sipgate.co.uk, which has the IP address 217.10.79.16. Which is cool.

Two phones are using a different provider, whose proxy IP address is 178.255.x.x.
These phones can register for outbound, but inbound INVITEs never make it to the phone.

Is it possible that the Fortigate is having trouble with 178.255.x.x as it's got a 255 in it? Or am I just imagining things?
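One way to pin those phones to a single external address, as an added example that is not part of the original post: a dedicated IP pool containing only x.x.x.140 (the post's own placeholder), an address range for the phones, and a policy that uses that pool. Interface names `internal` and `wan1`, the policy position, and the FortiOS 5.x keywords (`set type overload`, service `ALL`; older 4.x firmware uses `ANY` and has no `type` on ippools) are assumptions. This policy must sit above the general policy that uses the four-address pool, otherwise the phones keep matching the wider pool first.

```fortios
# Pool with a single address, so every session from the matching
# policy is always source-NATed to x.x.x.140 (placeholder from the post).
config firewall ippool
    edit "sip-pool-140"
        set type overload
        set startip x.x.x.140
        set endip x.x.x.140
    next
end

# The six internal phones that must always leave through x.x.x.140.
config firewall address
    edit "sip-phones"
        set type iprange
        set start-ip 172.18.4.40
        set end-ip 172.18.4.45
    next
end

# Outbound policy for the phones only. Because it names the
# single-address pool, replies to x.x.x.140 map back to the same
# session, so registrations and INVITEs see one consistent address.
# Place this policy ABOVE the general NAT-pool policy (assumption:
# policy order is checked with "show firewall policy" and adjusted
# with "move <id> before <other-id>").
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "sip-phones"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "sip-pool-140"
    next
end
```

After applying it, `diagnose sys session list` filtered on a phone's address should show the NAT'd source as x.x.x.140 for every session; if some sessions still show another pool address, the policy is ordered below the general one.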
