These parameters are only an example and you might need to change it based on your local setup to work properly.
fromdomain= (local Switchboard IP/DNS)
canreinvite=no (this can be changed to "yes" if you allow bypassing RTP traffic, you must allow RTP from ANY IP Address)
(canreinvite= was renamed to directmedia= in Asterisk 1.6.2 to more accurately describe what this setting does. See also the closely related setting directrtpsetup)
Optional (highly recommend for security):
The "allowguest" line disables anonymous SIP calls to your PBX. Some SIP providers connect as a guest user, however, so this may be inappropriate for your situation.
Also, if you want to accept anonymous SIP calls, this line would block them, so you wouldn't want that. But it is listed here because it is the safest configuration.
The "alwaysauthreject" line is important. This causes a hacker to get the same response from your PBX when they try to guess passwords whether or not they guessed a valid username.
This also has the side effect of making poorly written scanning scripts (the vast majority of hacker scripts seem to be poorly written) take less resources on your Asterisk box, as even if they scan a valid username, they'll think it doesn't exist.
In addition to these, verify that all peers listed in sip.conf are valid and have strong passwords.
Please make sure you allow ALL traffic from the following IP Addresses:
Asterisk does not support DNS SERVER lookups for inbound calls. If you also have virtual phone number with your SIP Trunk service please add the following line to the