You need to apply your IP inspect in the opposite direction of your external interface's ACL. So, if you have an ACL applied inbound on your external interface, you need to apply your IP Inspect list outbound. The reason being, CBAC will inspect your outbound packets and then dynamically insert "permit" entries at the top of your inbound ACL to allow traffic flow that's part of the same session back into your network.
HTH,
Don Nguyen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43872&t=43802
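The placement described in the post, as an added IOS configuration example that is not part of the original message. The interface names, ACL number 101 and inspection rule name FW are assumptions.

```cisco
! Constructed example: Serial0/0 is the external interface.
! Interface names, ACL number 101 and the rule name FW are assumptions.
!
! Inspection rule: protocols whose outbound sessions CBAC should track
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
! Inbound ACL on the external interface: deny unsolicited traffic from outside.
! CBAC places temporary permit entries ahead of these lines for return traffic.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 deny   ip any any log
!
interface Serial0/0
 description External (untrusted) side
 ip access-group 101 in
 ! Inspection in the opposite direction of the ACL on the same interface
 ip inspect FW out
!
! Misapplied variant (do not use): inspection in the same direction as the ACL
! interface Serial0/0
!  ip access-group 101 in
!  ip inspect FW in
! Here sessions opened from inside are never inspected as they leave, so no
! return openings are created and replies hit "deny ip any any".
!
! Verify from exec mode:
!  show ip inspect interfaces
!  show ip inspect sessions
!  show access-lists 101
```

Hits on the logged `deny ip any any` line for replies to inside-initiated sessions are a quick sign that the inspection rule is bound in the wrong direction.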

