benjange Muchas gracias por tu respuesta.
El problema está en que fail2ban no banea ninguna IP para la jaula asterisk. Si está activada la jaula asterisk en fail2ban no registra ninguna extensión ni banea la IP, sólo registra la extensión al desactivar la jaula asterisk.
El conectar todo por VPN es poco viable, ya que casi todas las extensiones se registran a través de softphone app ios y android, y el usuario no puede estar continuamente conectando el teléfono a la vpn.
Posteo el resultado de iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
F2B_INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain F2B_INPUT (1 references)
target prot opt source destination
f2b-asterisk-ami tcp -- anywhere anywhere multiport dports 5038
f2b-asterisk-udp udp -- anywhere anywhere multiport dports 0:65535
NFQUEUE udp -- anywhere anywhere multiport dports sip,sips,stanag-5066,authentx state NEW NFQUEUE num 1
f2b-asterisk-tcp tcp -- anywhere anywhere multiport dports 0:65535
f2b-postfix tcp -- anywhere anywhere multiport dports smtp,urd,submission
f2b-issabel-gui tcp -- anywhere anywhere multiport dports http,https
f2b-apache-botsearch tcp -- anywhere anywhere multiport dports http,https
f2b-apache-modsecurity tcp -- anywhere anywhere multiport dports http,https
f2b-apache-badbots tcp -- anywhere anywhere multiport dports http,https
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
f2b-apache-shellshock tcp -- anywhere anywhere multiport dports http,https
f2b-apache-fakegooglebot tcp -- anywhere anywhere multiport dports http,https
f2b-apache-nohome tcp -- anywhere anywhere multiport dports http,https
f2b-apache-overflows tcp -- anywhere anywhere multiport dports http,https
f2b-apache-noscript tcp -- anywhere anywhere multiport dports http,https
f2b-apache-auth tcp -- anywhere anywhere multiport dports http,https
Chain f2b-apache-auth (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-noscript (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-overflows (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-nohome (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-fakegooglebot (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-shellshock (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 222.118.223.15 anywhere reject-with icmp-port-unreachable
REJECT all -- 103.94.250.174 anywhere reject-with icmp-port-unreachable
REJECT all -- 188.18.49.50 anywhere reject-with icmp-port-unreachable
REJECT all -- 43.156.4.248 anywhere reject-with icmp-port-unreachable
REJECT all -- 40.127.173.225 anywhere reject-with icmp-port-unreachable
REJECT all -- 157.245.104.206 anywhere reject-with icmp-port-unreachable
REJECT all -- 211-75-19-210.hinet-ip.hinet.net anywhere reject-with icmp-port-unreachable
REJECT all -- 35.223.46.89.baremetal.zare.com anywhere reject-with icmp-port-unreachable
REJECT all -- 167.99.182.194 anywhere reject-with icmp-port-unreachable
REJECT all -- xdsl-188-155-252-44.adslplus.ch anywhere reject-with icmp-port-unreachable
REJECT all -- 177.157.201.62.dynamic.adsl.gvt.net.br anywhere reject-with icmp-port-unreachable
REJECT all -- 183.81.169.238 anywhere reject-with icmp-port-unreachable
REJECT all -- 211-20-14-156.hinet-ip.hinet.net anywhere reject-with icmp-port-unreachable
REJECT all -- 49.235.69.63 anywhere reject-with icmp-port-unreachable
REJECT all -- 128.199.70.247 anywhere reject-with icmp-port-unreachable
REJECT all -- 177.222.106.232 anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.184 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain f2b-apache-badbots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-modsecurity (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-botsearch (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-issabel-gui (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-asterisk-tcp (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-asterisk-udp (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-asterisk-ami (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Muchas gracias.
Saludos.