You need to inspect control plane protocol which initiates RTP connections, e.g. SIP, and allow traffic of this protocol in Access Control Policy. In this case firewall will open pinholes for RTP and do NAT automatically. Inspection of VoIP protocols, like SIP, should be enabled on FTD by default. Look at "show run policy-map".
