Unauthorized 403


I an trying to setup sip

;Turn off silence suppression in X-Lite (“Transmit Silence”=YES)!
;Note that Xlite sends NAT keep-alive packets, so qualify=yes is not needed
nat=yes ; X-Lite is behind a NAT router
canreinvite=no ; Typically set to NO if behind NAT
allow=gsm ; GSM consumes far less bandwidth than ulaw

am connfigured xlite softphone
when sniffing network i get:
phone sends request REGISTER
asterisk answers: Status: 100 trying
then Status: 401 Unauthorized

if I set phone configuration to not correct user and/or password
asterisk answers Status: 403 Forbidden

asterisk is behind nat, and phone is in the private address space

what is wrong?


Have you read everything that might be of use at:



If not, read the relevant information there first.

You’re not trying to go through a NAT router, so set NAT=no . i don’t think you’re going through a NAT router, anyway, judging by what you’ve said. If both the phone and the asterisk server are behind the same NAT router, on the same LAN, then NAT=no.

But what’s in your extensions.conf is important, as well as what’s in sip.conf.


As far as I understand the problem, you have an authentication problem.
The 401 message indicates that an authorization is asked by the server.

You can first try without authorization,

by removing the line “secret=5000”. You should not have the 401 response anymore.
type = friend
host =dynamic

should be enough

If you do it with authoriation

If you specify a secret, you will also need:
username = 5000 ; same as username in X-lite
secret = xxxx ; same secret as in X-Lite

in the general part of SIP.conf
realm=yyyy ; same as domain/realm in X-Lite

in many cases yyyy will be the name of the domain, but doesn’t matter, as long as it’s the same on both sides.

Now you will see a 401 message, where asterisk tells that authorization isrequired. In the body of the message, you will find the specified realm and a nonce (random number used for challenging procedures during authentication). This is a normal behaviour with authentication.

The phone will register again, but will add authentication data (username, realm,…) in the body of the message.

I hope this will help.

Best regards