Following this asipto guide:

http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb

I've found that no auth is required to create a communication: Invites are sent regardless of a previously done auth with the kam's auth_db

I've used this sip checker:
http://www.sinologic.net/proyectos/asterisk/checkSecurity/

Result: 

Uh oh! you allow external calls...
Configure better your sip configuration to avoid this calls

SIP/2.0 100 trying -- your call is important to us

What is missing in the config file explained in the guide?

Manuel