Thank you everyone for your responses.
I think you may be correct here. Is the SBC on your premises? I'm thinking your 3300 needs to be pointing the internal interface of the SBC.
We have a router onsite (managed by our SIP provider), but I'm not sure whether that's performing the SBC function as well. I do know that it is doing 1:1 NAT for the PBX but it isn't doing port forwarding i.e. packets to/from the PBX that traverse the CPE router have their source/destination addresses rewritten but all other traffic is passed through untouched. Traffic that is sent directly to the LAN interface of the CPE router (e.g. SIP on port 5060) results in an ICMP 70 "destination unreachable" response suggesting to me that port forwarding isn't enabled. Our SIP trunk provider says that the router only does pass through 1:1 NAT for traffic to/from the PBX. The router's WAN interface has a public address which is presented as the public PBX address.
Has your VAR verified that the carrier has been verified by Mitel's COE?
I'm not sure but I know they have plenty of other Mitel customers that are using their service and they don't seem to be having any problems.
media will always be from the endpoint not from the ICP unless you use MBG as a SIP proxy
I've seen a lot of people say something along these lines and in the back of my mind I keep thinking "how can this work without some kind of ALG/proxy?", but our SIP trunk provider assures us that it does, and I know other Mitel customers are using their service without the need for any extra kit.
I recently did an install with Level3 as the SIP Provider. We had a problem where the phones were out-pulsing the Private IP instead of the Public address needed to properly send back. The fix was easy. You use the URI/Number Translation form.
I tried this and it didn't seem to make any difference.
Did a packet trace and the contents of the SDP packet remained unchanged - not sure if I'm missing something.