3.5.6 Timer Events

If the connection timer fires and the client endpoint has not been authenticated using [MS-SIPAE] section 3 on the connection, the outbound proxy MUST close the connection and release all states associated with the connection to prevent a denial of service attack.

If the idle timer fires, the outbound proxy SHOULD close the connection and release all states associated with the connection. This is to remove any stale state in the case where the protocol client has crashed.