The following is getting this message in the event logs:
"SIP PARSER ERROR MESSAGE: CANNOT FIND CRLFWhat does SIP PARSER ERROR MESSAGE: CANNOT FIND CRLF mean?
system notif 00767 NSCos45683What does SIP PARSER ERROR MESSAGE: CANNOT FIND CRLF mean
This log event message is indicating that the Juniper NetScreen Firewall/VPN device is having problems parsing SIP packets because it cannot find the carriage return line feed commands - CRLF in the SIP request or SIP response. SDP (Session Description Protocol) requires that there should be an CRLF terminating in each line with either an SIP request or response for distinguishing between message boundaries.
There are some SIP implementations that leave out the trailing CRLF after the SDP body and compute the content-length accordingly, which does not comply with RFCs and which the Juniper Netscreen device does not currently support.
Workaround:To eliminate these log messages, define the policy by specifying the "IGNORE" option in the Application pulldown.
In customer environments where no sip packets pass, there could be other packets using port 5060; which will trigger sip alg. These packets, of course, do not match the sip rfc definition; thus the error.
The solution for this is to turn off sip alg.
Troubleshooting
