I have a Kamailio server setup which is registers to a back end server on behalf of endpoints. The endpoints can register to Kamailio but Kamailio is failing to register to the server when I put a NAT device in front of it. Without the NAT device it works fine.

The problem is the 401 that comes back seems to be ignored by Kamailio. I have a failure route setup to auth, but it is never hit. I see the 401 in onrely_route, but not the failure_route. I'm assuming it's a NAT issue because removing the device fixes the issue.

Anyone have any ideas?

The 401 being ignored:

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 10.0.10.11;branch=z9hG4bKe5d6.178378f7.0;received=198.XXX.XXX.XXX

Via: SIP/2.0/UDP 127.0.0.1:12354;rport=6545;received=198.XXX.YYY.YYY;branch=z9hG4bK-1879-1-3

From: <sip:sip7878_spqa@64.YYY.YYY.YYY>;tag=1

To: <sip:sip7878_spqa@64.YYY.YYY.YYY>;tag=as00e32130

Call-ID: 1-1879@127.0.0.1

CSeq: 2 REGISTER

User-Agent: CoreDialPBX

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO

Supported: replaces

WWW-Authenticate: Digest algorithm=MD5, realm="fe-c7c5-9o.domain.com", nonce="151e4f60"

Content-Length: 0

Thanks,

Marc