403 forbidden on incoming calls

Hi Team,

I am a new Asterisk user - registered the SIP trunk and setup dialplan to forward incoming calls to internal extensions.

We are receiving 403 forbidden on incoming calls to SIP trunk - intermittently. The registration seems to be stable.

Please suggest the possible areas to look for the error.


Trying to authenticate calls from an ITSP. ITSPs generally want you to authenticate yourself, but won’t authenticate themselves, and certainly won’t do so with the same secret. Use remotesecret, rather than secret.

ITSP sends from an address for which you don’t have a peer configured.

ITSP is sending From addresses (caller ID) which look like local extension numbers. Define the local devices as peers, and/or follow best practice and do not use extension numbers to name devices.

Of course, just providing your configuration and all the logging would make this easier to answer.

or just simply insecure=invite

I prefer remotesecret, now that it exists, as insecure=invite tends to be used as a magic incantation, and the problem with such incantations is that they get used in places where they are wrong, and in this case, insecure. I think that remotesecret makes it easier for people to see what they are really doing.

Thank you David and Ambiorixg12. I have checked insecure=invite and still face the problem. I am yet to try remotesecret,

Incoming INVITE to Asterisk - 401 unauthorized sent - ACK received - INVITE sent again - 403 forbidden received.

Debug gives “No matching peer” and “handle_request_invite: Failed to authenticate device” on the failed calls. There is no issue observed with registration at our VoIP provider end.


In that case, my option:

ITSP sends from an address for which you don’t have a peer configured