Recently, we had a turnup that involved a Shoretel pbx switch in one city (in Ohio) and phones set up in the pbx in another distant city (in CA).  After several attempts to find out why the audio was being blocked on these transfers, the techs found that AT&T was blocking the audio.  This is part of a response I received from Curt, the IT Administrator-

"Please close case. Turns out, AT&T network based firewall was blocking the

RTP traffic to etherspeak on the MPLS network. Call would complete but no

audio passed. Put in static routes in Columbus OSPF (where SIP trunks

terminate) and advertise the 3 Etherspeak RTP WAN addresses and all was

well. What we did not understand with Etherspeak is that the call is setup

and torn down on the IPSEC tunnel. BUT, the Shoretel phones (at remote

sites) also require access to not just the HQ voice network, but also

access to the 3 Etherspeak RTP addresses on the internet. The RTP

initiates outbound (outside of the tunnel) to the Etherspeak internet RTP

addresses.  Thank you for spending time with us to explain how things work."

All firewalls, switches, AND phones must have our media gateways listed as trusted ip addresses both going from the LAN out to the WAN, and coming in from the WAN to the LAN.  If there are phones in the system that are remote, and there is one-way, or no, audio, there is almost certainly a router, switch, or firewall in between the two that is blocking this audio.   Trace routes can identify the hops that might be blocking this media.  If audio is being blocked, identify the isp's and contact them to see if they are blocking the audio.