I see. Thanks! Is there any documentation on this behavior? For the case where inspection is applied to an inside interface, the doc seems to say that we can have either an outbound ACL on that inside interface or inbound ACL on the outside interface(s) for CBAC to add the temporary entries to. If both are present, I guess both will be added to?
Thanks for the reply! If the router has multiple interfaces, how can it determine which is the outside interface to add the temporary entries to?
Hi, I am trying to understand the example at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac.html#wp1002224 in which the "ip inspect" command is applied to Ethernet 1/0 but the document says that the dynamic temporary entries will be created in the ACL 100 which is applied to another interface (Ethernet 1/1). Is this true? I am under the impression that "ip inspect ... in" will add entries to the outbound ACL for the same interface, while "ip inspect ... out" will add entries to the inbound ACL for the same interface. Thanks in advance!