Index: channels/chan_iax2.c
===================================================================
--- channels/chan_iax2.c	(revision 176252)
+++ channels/chan_iax2.c	(working copy)
@@ -237,7 +237,8 @@
 enum {
 	IAX_STATE_STARTED = 		(1 << 0),
 	IAX_STATE_AUTHENTICATED = 	(1 << 1),
-	IAX_STATE_TBD = 		(1 << 2)
+	IAX_STATE_TBD = 		(1 << 2),
+	IAX_STATE_AUTHCHALLENGED =  (1 << 3),
 } iax2_state;
 
 struct iax2_context {
@@ -5394,6 +5395,11 @@
 		if (authdebug)
 			ast_log(LOG_NOTICE, "No registration for peer '%s' (from %s)\n", peer, ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
 		ast_copy_string(iaxs[callno]->secret, "invalidpassword", sizeof(iaxs[callno]->secret));
+		if (ast_test_flag(&iaxs[callno]->state, IAX_STATE_AUTHCHALLENGED)) {
+			return -1;
+		} else {
+			return 0;
+		}
 		return -1;
 	}
 
@@ -6099,6 +6105,8 @@
 		return 0;
 	}
 
+	ast_set_flag(&iaxs[callno]->state, IAX_STATE_AUTHCHALLENGED);
+
 	/* SLD: third call to find_peer in registration */
 	if ((p = find_peer(name, 1))) {
 		lastauthmethod = p->authmethods;
@@ -7850,7 +7858,9 @@
 				/* For security, always ack immediately */
 				if (delayreject)
 					send_command_immediate(iaxs[fr->callno], AST_FRAME_IAX, IAX_COMMAND_ACK, fr->ts, NULL, 0,fr->iseqno);
-				register_verify(fr->callno, &sin, &ies);
+				if (register_verify(fr->callno, &sin, &ies)) {
+					auth_fail(fr->callno, IAX_COMMAND_REGREJ);
+				}
 				if ((ast_strlen_zero(iaxs[fr->callno]->secret) && ast_strlen_zero(iaxs[fr->callno]->inkeys)) || ast_test_flag(&iaxs[fr->callno]->state, IAX_STATE_AUTHENTICATED)) {
 					if (f.subclass == IAX_COMMAND_REGREL)
 						memset(&sin, 0, sizeof(sin));