I have about 300 users going through a Cisco 2801 router with IOS Firewall to get to the internet. All of these users have to go through a proxy server to get to the internet, and that server sits on the other side of the T1 from this router. So, I have numerous connections to the proxy server going through this router at one time. The internet at times is slow or sometimes non-responsive when I have ip inspect and access lists enabled. When I take the ip inspect and access lists off the interfaces, everything seems to work normally. I have tweaked the one-minutes max high to 2500 and low to 1000, because I was getting warnings from the logs saying the one-minute thresholds have been met. Is bypassing all source LAN traffic from being inspected when the destination is the proxy server across the T1 a good idea, or is that even possible? If so, how do you do that?
Config is attached.