Hello. I'm having a few problems getting my ip inspect statments working properly. I have an inspect list that covers TCP and UDP outgoing, and an access list inbound that denys everything. For the most part, it works, but it doesn't load certain pages very well. Things like google maps don't load the maps, and other "dynamic" pages have problems. Has anyone else run into this before? Here are my statements:
ip inspect max-incomplete high 9000 ip inspect max-incomplete low 9000 ip inspect one-minute high 9000 ip inspect one-minute low 9000 ip inspect name MYFW tcp audit-trail on timeout 1800 ip inspect name MYFW udp audit-trail on timeout 10
interface Dialer1 ip address negotiated ip inspect MYFW out ip access-group 101 in ip access-group ALL out ip nat outside ip virtual-reassembly max-fragments 45 max-reassemblies 300 timeout60 encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1
ip access-list extended ALL permit ip any any
access-list 101 permit tcp any any eq domain access-list 101 permit udp any any eq domain access-list 101 permit tcp any any established access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny icmp any any
Any suggestions would be great!