I have a IPSec VPN created between 2 Fortigate devices. The phone system is a ShoreTel system. I have a data VLAN and a voice VLAN. I can ping everywhere. I have a ShoreGear90 at each location. The ShoreGear90s can see each other and register with the Headquarter Server. I can call locally, but when I try to call an extension on the other side of the VPN the RTP traffic is rejected. I ran WireShark to validate this. I have the ports for the RTP traffic dynamicallly assigned. I can tie the RTP traffic down to a single port-5004.