I am a novice with Cisco routers, so please forgive me if this question is a bit odd. I have a Cisco 871 router where the WAN interface is on the FastEthernet4 interface. What are the primary differences between associating an ip inspect rule for outgoing packets on this interface versus having an access-list that allows "established" packets through the interface. So, for example, I can have an ip inspect rule that states "ip inpsect DEFAULT100 out" and apply it to the FastEthernet4 interface via "ip inspect DEFAULT100 out." Or, I can simply have an ACL rule that states "access-list 100 permit tcp any any established" and apply it to the FastEthernet4 interface via "ip access-group 100 in." These both seem to accomplish the same thing--namely allowing client-initiated traffic back through the WAN interface into the internal network. What are the advantages/ disadvantages to each approach. I imagine the ip inspect rule takes more processing, but is more "diligent" about what types of packets it will allow through the interface into the internal network. Again, this is just a guess and I will defer to more knowledgeable users. Any insight that someone can provide is appreciated. I'm more interested out of curiosity than anything. Thanks.