Connecting Trixbox to Internet

First, are you sure about your network setup? Does your company own the entire 20.0.0.0, class A range. The 10.0.0.0 range is a reserved private range, but I believe that 20.0.0.0 is public.

If the 20 series of address are truly public, then you are performing NAT at the router that separates the two networks and that provides you with some isolation from the 20.0.0.0 network. You will need to open ports UDP 5060-5082 and UDP 10000-20000 on the router to the trixbox. Make sure you have configured your SIP_Nat.conf file with the externip=xxx.xxx.xxx.xxx, localnet=xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx directives. Externip is you external IP address on the router; in your case it should be 20.X.x.x something. The localnet directive is in the format of localnetwork/localnetwork subnet mask. There is plenty of info on how to do this on this forum and on voip-info.org. As far as anonymous SIP goes, as long as you don't have an any/any inbound route, I don't consider leaving it on a bad thing. I have been fooling around with this stuff for a couple of years now and I have only seen one SIP DOS attack, and it came through a carrier.

If you are using the 20.0.0.0 series of address as private address space, then I believe your firm has some basic networking issues that need to be resolved, before you start with security.