3Com® VCX V7111 VoIP Gateway User Guide 275SIP Authentication ExampleV7111 gateways support basic and digest (MD5) authentication types, according to SIP RFC3261 standard. A proxy server might require authentication before forwarding an INVITEmessage. A Registrar/Proxy server may also require authentication for client registration. Aproxy replies to an unauthenticated INVITE with a 407 Proxy Authorization Requiredresponse, containing a Proxy-Authenticate header with the form of the challenge. Aftersending an ACK for the 407, the user agent can then resend the INVITE with a Proxy-Authorization header containing the credentials.User agent, redirect or registrar servers typically use 401 Unauthorized response tochallenge authentication containing a WWW-Authenticate header, and expect the re-INVITEto contain an Authorization header.The following example describes the Digest Authentication procedure including computationof user agent credentials.The REGISTER request is sent to Registrar/Proxy server for registration, as follows:REGISTER sip:10.2.2.222 SIP/2.0Via: SIP/2.0/UDP 10.1.1.200From: 122@10.1.1.200>;tag=1c17940To: 122@10.1.1.200>Call-ID: 634293194@10.1.1.200User-Agent: 3Com-Sip-Gateway/V7111 18 PORT FXS/v.4.20.299.410CSeq: 1 REGISTERContact: sip:122@10.1.1.200:Expires:3600On receiving this request the Registrar/Proxy returns 401 Unauthorized response.SIP/2.0 401 UnauthorizedVia: SIP/2.0/UDP 10.2.1.200From: >;tag=1c17940To: >Call-ID: 634293194@10.1.1.200Cseq: 1 REGISTERDate: Mon, 30 Jul 2001 15:33:54 GMTServer: Columbia-SIP-Server/1.17Content-Length: 0WWW-Authenticate: Digest realm="3Com.com",nonce="11432d6bce58ddf02e3b5e1c77c010d2",stale=FALSE,algorithm=MD5According to the sub-header present in the WWW-Authenticate header the correctREGISTER request is formed.Since the algorithm used is MD5, take:The username is equal to the endpoint phone number: 122The realm return by the proxy: 3Com.comThe password from the ini file: 3Com.The equation to be evaluated: (according to RFC this part is called A1).