[Asterisk-Users] Out of State
Norman Zhang
norman.zhang at rd.arkonnetworks.com
Tue Dec 14 20:07:28 MST 2004
Hi Kristian,
Kristian Kielhofner wrote:
> Norman Zhang wrote:
>> My firewall allows the first SIP packet out from * (running NAT), but
>> then it follows by dropping it saying "SIP Reason: SIP Validator: Out
>> of State." May I ask how can I solve this?
>
> With not much to go on, I am guessing that you have some commercial
> firewall product - i.e. Checkpoint or something that actually has a
> module called "SIP validator". Honestly, your best bet is to turn that
> feature off and utilize more conventional port-based protection.
You are absolutely right. I'm using Check Point. Unfortunately, that is
all they offer in the log. My * is running NAT. I used static map for
the setting.
Any->Ast_Ext->SIP=Any->Ast_Int->SIP
Ast_Int->Any->SIP=Ast_Ext->Any->SIP
Do I need to set nat=yes in sip.conf? I'll test with the various SIP
settings in Check Point and report back.
Regards,
Norman Zhang
More information about the asterisk-users
mailing list