Hi,

If a SIP device is using TCP, to accept incoming calls it must bind on port 5060.
To call someone, this device must create a socket to reach the proxy on port 5060. The port source of this socket cannot be 5060 ! In TCP you cannot bind on a port and in same time using it in another socket. So the port source is generally chosen randomly (XYZ)

Now that all sockets and bind are done, what are the correct info used to create the Contact header ?
For me, the port used in the contact header in this case must be 5060 since the device accepts incoming calls on this port and never XYZ.

But in a NAT context, if this SIP device is behind a NAT, the port 5060 cannot be used to reach it ! It's necessary to reuse the socket previously opensed to reach it.

So in conclusion, the Contact header must be set with 5060 by the device and on the proxy side, if the client is detected behind a NAT, this Contact header is modified to used instead XYZ

Am I right ?

For TLS, the problem is the same but instead of 5060 it's 5061.

Thanks,
Christophe