We have recently installed a new Cisco 837 router running IOS version
12.3(2)XC2 and an issue relating to CBAC / 'ip inspect' command has come to light.When the 'ip inspect' command is applied outbound only on the Dialer0 interface, we are able to access/browse the Internet from the internal network successfully but cannot receive incoming mail. Outgoing e-mail is fine.
However, when the 'ip inspect' command (outbound) is removed from the Dialer0 interface altogether, we are able to receive incoming mail but cannot get to the Internet at all.
We've worked around this by applying the 'ip inspect' commands to the Dialer0 interface both in AND outbound so as not to disrupt service but think that surely this must only be a temporary measure due to the increased security risk.
This router is configured in practically exactly the same way as another 837 also running IOS version 12.3(2)XC2. With the 'ip inspect' command applied outbound only on the Dialer0 interface of this second router, we see none of the same issues and everything works fine.
I think that this may be a symptom of a misconfiguration rather than a problem in itself but I don't know what. Could it be NAT or route maps?
I will post config if anyone wants to have a look.
Thank you in advance for you help & suggestions.