We have a 1720 router with FW feature set. We currently have it inspecting traffic exiting INT S0.
Now that we have a Pix behind this router we want to remove the inspection on this 1720 to free up CPU resources and hopefully improve the MLPPP problems we are running into (dropped packets due to high CPU load).
I added the following line to the Inbound ACL on the S0 interface
access-list 103 permit tcp any any gt 1023 established
Then I removed the IP Inspect from that interface. At that point I was no longer able to access the Internet (I believe the return traffic was being blocked).
Are there any temp ACL's that might still be attached to the S0 interface left over from the IP Inspect?