I am looking for some information on what I should consider doing on my perimeter router that connects me to an ISP. The router links to an ASA 5510. Other than the usual spoofing ACLs, what other ACLs should I consider? All outbound traffic will be allowed, and I was considering blocking all inbound at the router except for the pinholes we have allowed through our firewall (e.g. SMTP, ICA, HTTP/S). Another question: if I apply this ACL in the inbound direction, will the return traffic still be allowed? My understanding is that because a router ACL is not "stateful" (we will not have the firewall feature set), the return traffic would be blocked by the inbound ACL.
Any information or help would be very much appreciated.