If I just did the following:
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
wouldn't that encompass the rest?
I believe so, but a firewall that looks at other kinds of traffic/does deep inspection should be more useful. If you want more examples, look here: »etutorials.org/Networking/Router···xamples/
--All Is possible...
Thanks for your help. I added the following:
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
and then removed the 'permit any any' from the acl. Web browsing works, but my sip phone on my desk does not. I entered the following but still no luck.
ip inspect name myfw sip timeout 3600
ip inspect name myfw sip-tls timeout 3600
Appreciate any help.
Disregard, I got the SIP phone to work.
Glad to see you got it working! As you may know, it is good practice to explicitly deny everything after all your "permits" on the inbound access list. What I meant, in plain English, is to put:
access-list 101 deny ip any any
access-list 101 permit ip any any
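An added example, not written by anyone in the thread: a small Python check that reads numbered `access-list` lines from a router configuration and flags a leftover `permit ip any any`, entries that can never match because they follow an `ip any any` line, and lists with no explicit final deny. The sample configuration and the ACL numbers 102 and 103 are constructed for illustration.

```python
import re

# Numbered ACL entries, e.g. "access-list 101 deny ip any any".
ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$")

def audit_acls(config_text):
    """Return {acl_number: [findings]} for the numbered ACLs in an IOS config."""
    acls = {}
    for raw in config_text.splitlines():
        m = ACL_LINE.match(raw.strip())
        if m:
            num, action, rest = m.groups()
            acls.setdefault(num, []).append((action, " ".join(rest.split())))
    report = {}
    for num, entries in acls.items():
        findings = []
        catch_all = None  # position of the first "ip any any" entry, if any
        for i, (action, rest) in enumerate(entries):
            if catch_all is not None:
                # ACLs are first-match: nothing after a catch-all is evaluated.
                findings.append(f"unreachable after entry {catch_all + 1}: {action} {rest}")
            elif rest in ("ip any any", "ip any any log"):
                catch_all = i
                if action == "permit":
                    findings.append("permit ip any any: every packet is allowed")
        if catch_all is None:
            # The implicit deny still drops the traffic, but an explicit
            # entry is what gets its own match counter and optional logging.
            findings.append("no explicit 'deny ip any any' at the end")
        report[num] = findings
    return report

# Constructed sample configuration (not taken from the thread).
SAMPLE = """
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
access-list 101 permit icmp any any echo-reply
access-list 101 permit ip any any
access-list 101 deny ip any any
access-list 102 permit icmp any any echo-reply
access-list 102 deny ip any any
access-list 103 permit tcp any any eq 22
"""

if __name__ == "__main__":
    for acl, findings in audit_acls(SAMPLE).items():
        print(acl, findings or "ok")
```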