diff --git a/misc/examples/kemi/kamailio-basic-kemi-native.cfg b/misc/examples/kemi/kamailio-basic-kemi-native.cfg
index c95517cc9e1..984c45b8774 100644
--- a/misc/examples/kemi/kamailio-basic-kemi-native.cfg
+++ b/misc/examples/kemi/kamailio-basic-kemi-native.cfg
@@ -20,18 +20,20 @@ request_route {
 		exit;
 	}
 
+	# handle retransmissions
+	if (!is_method("ACK")) {
+		if(t_precheck_trans()) {
+			t_check_trans();
+			exit;
+		}
+		t_check_trans();
+	}
+
 	# handle requests within SIP dialogs
 	route(WITHINDLG);
 
 	### only initial requests (no To tag)
 
-	# handle retransmissions
-	if(t_precheck_trans()) {
-		t_check_trans();
-		exit;
-	}
-	t_check_trans();
-
 	# authentication
 	route(AUTH);
 
@@ -86,8 +88,14 @@ route[RELAY] {
 
 # Per SIP request initial checks
 route[REQINIT] {
+	# no connect for sending replies
+	set_reply_no_connect();
+	# enforce symmetric signaling
+	# - send back replies to the source address of request
+	force_rport();
+
 #!ifdef WITH_ANTIFLOOD
-	# flood dection from same IP and traffic ban for a while
+	# flood detection from same IP and traffic ban for a while
 	# be sure you exclude checking trusted peers, such as pstn gateways
 	# - local host excluded (e.g., loop to self)
 	if(src_ip!=myself) {
@@ -102,11 +110,12 @@ route[REQINIT] {
 			exit;
 		}
 	}
-	if($ua =~ "friendly-scanner") {
-		sl_send_reply("200", "OK");
+#!endif
+	if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
+		# silent drop for scanners - uncomment next line if want to reply
+		# sl_send_reply("200", "OK");
 		exit;
 	}
-#!endif
 
 	if (!mf_process_maxfwd_header("10")) {
 		sl_send_reply("483","Too Many Hops");
@@ -118,8 +127,8 @@ route[REQINIT] {
 		exit;
 	}
 
-	if(!sanity_check("1511", "7")) {
-		xlog("Malformed SIP message from $si:$sp\n");
+	if(!sanity_check("17895", "7")) {
+		xlog("Malformed SIP request from $si:$sp\n");
 		exit;
 	}
 }