ims-aka-profile

	name                           profile
	protected-client-port          PORT-SDC
	protected-server-port          PORT-SDS
	encr-alg-list                  aes-cbc des-ede3-cbc null
	auth-alg-list                  hmac-sha-1-96

When the UE receives the 401Unauthorized challenge from the Oracle Communications Session Border Controller acting as P-CSCF, both devices have the information to set up security association for two IPSec channels. The UE establishes the second TCP connection via IPSec channel from the UE's PORT-UEC to the P-CSCF's PORT-SDS, and the registration process continues.

Hereafter, the UE uses the IPSec channels from communication.

1. The UE and P-CSCF set up the TCP connection.
2. The UE sends an unauthenticated SIP Register message to the P-CSCF’s unprotected server port (usually 5060). The Register message is forwarded to the UE's Home S-CSCF. The S-CSCF then replies with a the SIP 401 Authentication Required response back to P-CSCF. This message contains encryption keys and authentication information.

   The P-CSCF modifies the 401 message back to UE. At this point, both UE and P-CSCF should have all the information need to establish secure IPSec channels.

3. The UE and P-CSCF create a TCP connection over a secure channel from port-ue-c to port-sd-s.
4. The UE sends an authenticated REGISTER over the secure channel via the P-CSCF to the S-CSCF. If the authentication is valid, the P-CSCF will forward the 200 OK response from the S-CSCF to the UE. The 200 OK response will be sent in the same secure TCP connection.