Hello,
Lets use CBAC
Ip inspect name test ICMP router-traffic
ip inspect name test tcp
ip inspect name test udp
interface fastethernet 0/1 (Inside interface of the router connectin to the lan)
ip inspect test in
This will allow all communications from inside users to outside users. If the outside users wants to initiatte a connection there got to be an ACL on the outside allowing the communication, if not it would be impossible.
TCP, UDP and ICMP replies by outside users will be accepted by the IOS firewall.
Do rate helpful posts.
Julio
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC