[SR-Users] Absorbing ack's

Hi all, I'm having an issue with ACK's being proxied. When an INVITE first comes in (new transaction, new dialog), I do a 'www_challenge(...)'. This makes the proxy send a '401 Unauthorized' reply. The client acknowledges this reply with "ACK". This ACK is 'absorbed' by the proxy. When during an established call/dialog the client sends an INVITE to set the call on hold, this is an in dialog INVITE (with to-tag etc). Although authentication for this INVITE isn't very necessary, my script does 'www_challenge' anyway. The proxy sends '401 Unauthorized', the client responds with 'ACK'. This ACK however is not 'absorbed' as it should be, but forwarded/proxied (or at least handed over to the routing script). Is this intended behaviour? If so, how can I recognize this ACK to be able to drop it? I found some related info in this email thread: http://lists.kamailio.org/pipermail/devel/2008-December/017246.html but doesn't discuss this exact issue. Though this isn't a big problem for me (the upstream gateway ignores the ack, and I can disable authentication for re-invite's), I'm curious why the proxy behaves this way. Hopefully someone can enlighten me. regards, Egbert.