Just because someone is doing NAT doesn't mean that the phones are exposed to the internet. The OP hasn't stated the "why" and making broad assumptions is not very helpful. One valid scenario is hosted UCM.
You are going to need to do some research and testing on this one. I'd recommend looking at NAT and ALG references in the Cisco UC SRND. I would also take a look at this (somewhat dated) document: