You can do this over NAT. Not recommended, but if you forward the following ports you can get your J179 and Equinox working without an SBC.
5060-5061 TCP
5060-5061 UDP
10000-20000 UDP ( check your RTP Range in IPO..This is my range )
Forward those ports to your IPO.
For provisioning phones on from outside the IPO LAN, you need to do an extra step.
First from within the LAN go to http:ipoffice_address/46xxsetting.txt and copy the txt to a file.
Now on a public web server that your J179 and Equinox can access, create a text file called 46xxsettings.txt and past in the contents you copied. Save.
You will also need to download the security certs from the IP Office and place them in the public web server were you created the 46xxsettings.txt file. Make sure the name of the cert matches what is in the 46xxsettings.txt file. Just search the 46xxsettings.txt for SET TRUSTCERTS and make sure your name the cert exactly what you see on that line.
Now in the J179 just specify the http address as the IP address to the web server you have those files stored on. When it boots up, it checks the http address for the 46xxsettigs.txt file, downloads the cert, and registers to the IP Office.
FYI.. I use an apache web server to host my phone settings files and firmware.
Although this works, you need to make sure your IP Office is hardened if you are exposing it this way. My system is a lab system, so I can afford to throw caution to the wind.
As tlpeter stated, the only way you SHOULD do this is with an Session Border Controller.