The TUG log you are showing looks like a normal attempt at SIP hacking, especially coming from 33.22.11.00 (that is an ARPnet DoD Network Information Center IP address, unless you edited it) and it's pretty common to see those. The should not interfere with phones working, otherwise the log looks completely normal.
What if you get the current Teleworker Network Analyzer from the server and run it from a remote location? What is the result?