Hi, I found that on a PIX 501 I defined a 1 line ACL on inside interface:
access-list acl_inside permit TCP host inside-host host ext-host
and then when I added:
access-group acl_inside in interface inside
the users could not access anything outside of the network.
Why would this be?
If you do not want to restrict traffic from your branch office to any destination then you don't need an access-list on the inside interface.
If you do want to restrict the branch office traffic then yes you will need to add in all the permitted traffic to your access-list.