There's a good chance that you have a public IP on your gateway.
There's also a good chance that this public IP doesn't have both TCP and UDP ports 5060 blocked.
That's my guess.
I would apply this ACL to your outside interface:
access-list 101 deny tcp any any eq 5060 log
access-list 101 deny udp any any eq 5060 log
access-list 101 deny tcp any any eq 1720 log
access-list 101 permit ip any any
If this is just two calls, then it may be a user and you would want to check your CDR records.
You may want to read this link anyway:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml
hth,
nick