The first thing to check is to check the monitoring server reports for an error message. Usually the error is some thing like "Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote"
Checking the candidate information from the SIP packets during the call. What we are looking for is that both the Edge AV Service IP address and the NAT IP address (of your home router etc) is being sent and received by the two clients.
If the candidate information is not being sent first thing to check is that the internal client can resolve the DNS host name of the Edge Server to the INTERNAL interface.
If the DNS results returned don't match the IP address of the internal check DNS to make sure that a error hasn't been made with a static entry and check that the Internet facing NIC's in the edge server. If there are dynamic entries in the DNS check that the "Register this connection's address in DNS"
From the NIC properties select "Internet protocol Version 4 (TCP/IP)
Select the DNS tab, then un-tick the "Register this connection's address in DNS"
The Media Relay Authentication Service (MRAS) is responsible for notifying the Lync client of the STUN and TURN IP address for ICE. This service run on UDP port 3478.
To check that the UDP port is open on the firewall between the Internal Lync clients and the Edge server running this service you can use the Microsoft tool PortQry
Lync Client Policy
There is a Lync client policy setting called "DisableICE", from Technet the DisableICE value is described as "When set to True, Lync 2010 will not use the Interactive Connectivity Establishment (ICE) protocol to traverse firewalls and network address translation (NAT) devices; this effectively prevents users from making Lync 2010 calls across the Internet. When set to False, Lync 2010 will use the ICE protocol to enable Lync 2010 calls to traverse firewalls and (NAT) devices." If this has been set to TRUE then the Lync Client wont communicate with the MRAS service.