diff -urN certified-asterisk-11.2-cert2/channels/chan_sip.c certified-asterisk-11.2-cert2-patched/channels/chan_sip.c
--- certified-asterisk-11.2-cert2/channels/chan_sip.c	2013-08-27 15:22:36.000000000 -0400
+++ certified-asterisk-11.2-cert2-patched/channels/chan_sip.c	2013-10-13 20:19:24.927551680 -0400
@@ -17902,7 +17902,7 @@
 }
 
 /*! \brief Validate device authentication */
-static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of,
+static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, char *domain,
 	struct sip_request *req, int sipmethod, struct ast_sockaddr *addr,
 	struct sip_peer **authpeer,
 	enum xmittype reliable, char *calleridname, char *uri2)
@@ -17917,8 +17917,16 @@
 	 	*/
 		peer = sip_find_peer(of, NULL, TRUE, FINDALLDEVICES, FALSE, 0);
 	} else {
-		/* First find devices based on username (avoid all type=peer's) */
-		peer = sip_find_peer(of, NULL, TRUE, FINDUSERS, FALSE, 0);
+		/* Make sure the device is from a local domain */
+		if (AST_LIST_EMPTY(&domain_list) || check_sip_domain(domain, NULL, 0)) {
+			/* First find devices based on username (avoid all type=peer's) */
+			peer = sip_find_peer(of, NULL, TRUE, FINDUSERS, FALSE, 0);
+		}
+		else {
+			if(debug)
+				ast_verbose("Unknown peer from domain %s\n", domain);
+			peer = NULL;
+		}
 
 		/* Then find devices based on IP */
 		if (!peer) {
@@ -18226,7 +18234,7 @@
 		}
 	}
 
-	res = check_peer_ok(p, name, req, sipmethod, addr,
+	res = check_peer_ok(p, name, domain, req, sipmethod, addr,
 			authpeer, reliable, calleridname, uri2);
 	if (res != AUTH_DONT_KNOW) {
 		return res;