[Serusers] re: question - digest authentication and firewall

hi all- i have the following setup: 1. ser running on 5060 2. nathelper/rtp 3. mysql database w/digest authentication now, i have a client on a private network (NAT) behind a firewall. port 5060 tcp is on the firewall is open as well as 35000 to 37000 UDP (rtpproxy is set to run between these ports). when i plug the client into a regular, non-firewalled home router, it registers properly (register->401->register again->OK) when i put the same client behind the firewall, it 401's twice. i am 100% sure the password is correct. is there something else that needs to be open? I dont really understand the authentication mechanism - does the password come via a different port or something like that?