[Asterisk-Users] Out of State
Norman Zhang
norman.zhang at rd.arkonnetworks.com
Tue Dec 14 20:27:36 MST 2004
>>> My firewall allows the first SIP packet out from * (running NAT), but
>>> then it follows by dropping it saying "SIP Reason: SIP Validator: Out
>>> of State." May I ask how can I solve this?
>>
>> With not much to go on, I am guessing that you have some
>> commercial firewall product - i.e. Checkpoint or something that
>> actually has a module called "SIP validator". Honestly, your best bet
>> is to turn that feature off and utilize more conventional port-based
>> protection.
>
> You are absolutely right. I'm using Check Point. Unfortunately, that is
> all they offer in the log. My * is running NAT. I used static map for
> the setting.
>
> Any->Ast_Ext->SIP=Any->Ast_Int->SIP
> Ast_Int->Any->SIP=Ast_Ext->Any->SIP
>
> Do I need to set nat=yes in sip.conf? I'll test with the various SIP
> settings in Check Point and report back.
In addition, I'm seeing the following in the prompt. Any advice is welcome.
Dec 14 19:27:22 WARNING[1088113584]: chan_sip.c:683 retrans_pkt: Maximum
retries exceeded on call 327b23c6643c98696633487374b0dc51 at 127.0.0.1 for
seqno 102 (Critical Request)
Dec 14 19:27:36 NOTICE[1088113584]: chan_sip.c:4053 sip_reg_timeout:
Registration for 'normanzhang at iptel.org' timed out, trying again
-- parse_srv: SRV mapped to host sip.iptel.org, port 5060
Regards,
Norman Zhang
More information about the asterisk-users
mailing list