603 when recieving call from a peer IP

ok so FS is actually the username for a type=user
not user=xxxxx

username is deprecated, because it confuses people. The current name is defaultuser, and it is what goes in the request URI in outgoing request, if the peer isn’t registered. The value that is matched against the address of record is the section name.

Thanks for the clarification. So, to solve my problem of having of having multiple systems behind 1x IP address I have determined I cannot use host= otherwise we will not attempt auth and end up in the wrong context when 3rd party PABX tries to dial out
For inbound I can setup a friend (or user) and link the credentials to a context.

What about outbound? 1.1.1.1 needs to be setup inside sip.conf so it can be accessed as a trunk to get to freeswitch. Can I use host=dynamic in conjunction with outboundproxy=x.x.x.x ?
Is there something else I can do so I can use host=1.1.1.1 but still force auth even if the IP matches?
I do not want outbound calls to 1.1.1.1 to auth

[FS]
type=friend
secret=1234
dtmfmode=rfc2833
directmedia=yes
disallow=all
allow=alaw
nat=force_rport,comedia
context=Billing-DID

host=dynamic                 ;this will defenitely get all inbound calls to auth
outboundproxy=1.1.1.1        ;inbound will match creds so outbound take this route
**OR**
host=1.1.1.1                 ;outbound calls take this route, may effect inbound creds
insecure=no                  ;always get auth from inbound calls from 1.1.1.1

Freeswitch
<action application="bridge" data="{sip_auth_username=FS,sip_auth_password=1234}sofia/internal/$1@1.1.1.2"/>

[FS]
type=friend
secret=1234
dtmfmode=rfc2833
directmedia=yes
disallow=all
allow=alaw
nat=force_rport,comedia
context=Billing-DID
host=dynamic                 ;this will get all inbound calls to auth paired with insecure=no
host=1.1.1.1                 ;outbound calls take this route
insecure=no                   ;this will get all inbound calls to auth

This worked