Sorry, but that links just reiterates my comment that the inspect command can be used as "in" on the ingress and "out" on the egress. What I want to know is if there is any advantage or disadvantage of using one form or the other? I typically has used it as "in" on the ingress" but I have seem some examples using it as "out". Why?

Thanks,

Diego

okie let me explain in detail

Lets say you have 3 Interfaces on router e0,e1,e2

e1

|

Router--->e0-->(Internet)

|

|

e2

Now in case you want to inspect traffic originating from both 1 and 2 going to outside world then apply Inspect on e0 in "out" direction

In case you only need to monitor the traffic from e1 , then apply inspect on e1 in "in" direction

OK, I guess it saves you one line of config.

Thanks,

Diego

One difference I found from experience. When you want to inspect router generated traffic to the internet i.e. dns, icmp etc... you need to apply the inspect rule on the outside interface out.

If you apply it on the inside interface in it will not inspect router generated traffic such as DNS and ICMP even if you change the source interface to be inside.

p.s dont forget though for router generated traffic you also need to specify the router-traffic keyword on those inspects that support it such as....

ip inspect name Internet h.323 router-traffic

ip inspect name Internet sip router-traffic

ip inspect name Internet tcp router-traffic

ip inspect name Internet udp router-traffic

ip inspect name Internet icmp router-traffic