IMS 5G AND LTE IMS network -> UE RFC 3261 / 3GPP TS 24.229

IMS SIP 401 Unauthorized

401 Unauthorized challenges the request and asks the sender to retry with authentication.

Message Fact Sheet

Protocol	ims	Network	5G and LTE
Spec	RFC 3261 / 3GPP TS 24.229	Spec Section	SIP 401 Unauthorized authentication challenge in IMS
Direction	IMS network -> UE	Message Type	SIP request-failure response

Full message name	IMS SIP 401 Unauthorized
Protocol	IMS
Technology	5G and LTE
Common deployment	VoNR and VoLTE
Direction	IMS network -> UE
Interface	Gm with onward IMS routing
Signaling bearer / channel	IMS SIP signaling / Authentication challenge response
Typical trigger	The request needs authentication credentials before it can continue.
Main purpose	Triggers the SIP authentication exchange instead of rejecting the service permanently.
Main specification	RFC 3261 / 3GPP TS 24.229, SIP 401 Unauthorized authentication challenge in IMS
Release added	See specification history
Procedures where used	IMS Registration, IMS Session Authentication, VoNR IMS Registration, VoLTE IMS Registration

What is IMS SIP 401 Unauthorized in simple terms?

401 Unauthorized challenges the request and asks the sender to retry with authentication.

Triggers the SIP authentication exchange instead of rejecting the service permanently.

Why this message matters

401 usually means the request must be retried with authentication.

Where this message appears in the call flow

IMS Registration
IMS Session Authentication
VoNR IMS Registration
VoLTE IMS Registration

Call flow position

Previous message(s): IMS SIP REGISTER, IMS SIP INVITE

Next message(s): Authenticated retry of the same request

Message direction and transport

Sender and receiver: IMS network -> UE

Interface: Gm with onward IMS routing

Domain: IMS authentication

Signaling bearer: IMS SIP signaling

Logical channel: Authentication challenge response

Transport / encapsulation: SIP over UDP, TCP, or TLS

Security context: Closely tied to IMS AKA or digest-style authentication.

Message Structure Overview

401 is usually not the end of the story. It starts the authentication retry sequence.

ASN.1 Message Syntax for IMS SIP 401 Unauthorized

SIP/2.0 401 Unauthorized
Via:
From:
To:
Call-ID:
CSeq:
WWW-Authenticate:
Content-Length: 0

How to read this message syntax

This is SIP response syntax rather than ASN.1.

IMS SIP 401 Unauthorized - Example Dump

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP ue.example.net;branch=z9hG4bK-reg1
From: <sip:alice@example.net>;tag=reg1
To: <sip:alice@example.net>;tag=pcscf1
Call-ID: reg-001@example.net
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="ims.example.net", nonce="abc123"
Content-Length: 0

Important Information Elements

IE	Required	Description
`Status-Line`	Yes	Shows the 401 challenge code.
`WWW-Authenticate`	Yes	Carries the authentication challenge details.

Detailed field explanation

`Status-Line`

Shows the 401 challenge code.

Presence: Required

In practice: In practice, compare this field with the original request and with any later release-dependent optional fields so you can see whether the network accepted the same service model the UE asked for.

`WWW-Authenticate`

Carries the authentication challenge details.

Presence: Required

Common Issues and Troubleshooting

IMS registration or session setup loops at authentication.

Likely cause: The challenge is normal, but the retry may be missing or incorrect.

What to inspect: Check the challenge headers and the next retried request with Authorization.

Next step: Treat 401 as an authentication step, not as a final rejection by itself.

FAQ

What does 401 Unauthorized mean in IMS?

It means the request needs authentication and should usually be retried with the proper credentials.

Related Procedures

Related Tools

Use This Reference in Practice

Decode this message with the 3GPP Decoder, inspect the related message database, or open the matching call flow to see where this signaling step fits in the full procedure.