Are you using SIP inspection? If not I would suggest you use it. That will ensure that the firewall dynamically opens additional ports as required. Also, the firewall will modify all private addresses within the signaling packet to corresponding public IP. In addition, please make sure that your CCM device is not NAT aware i.e. it does not use public IP address in its signaling data.
As a first step, would it be possible for you to allow all traffic from outside to the translated IP of the CCM? This will help us understand if it is a inspection issue or something else. Also, can you please post the output of "show service-policy" command?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...