I have inherited a large MPLS enterprise network. Many of the 100+ sites have a VPN failover. The IOS version is 12.4 Adv Security on 1760/2801 routers. Here is one example:
description BrightHouse cable $FW_OUTSIDE$
ip address x.x.x.254 255.255.255.252
ip access-group 103 in
ip verify unicast reverse-path
no ip redirects
ip nbar protocol-discovery
ip inspect standard in
ip route-cache flow
no cdp enable
crypto map myset
After reading up on IOS firewall, it seems that it should be applied outbound instead of inbound, since the connection would be initiated from the inside going out? Any input would be greatly appreciated!
Yes, it should be "ip inspect standard out".
"ip inspect standard in" will inspect traffic initiated from outside in, but you need to inspect traffic that is initiated from inside out.
Be careful what traffic you allow into the network on access-list 103. That traffic can be initiated from outside and not be inspected by the firewall.
I agree that it should be applied outbound. The firewall will track connection states, and the majority of traffic is 'inside' to 'outside'. You can apply it inbound, but only if you'll be hosting services, and generally the service would need to change ports (i.e. passive FTP); otherwise an ACL should suffice on the outside interface.
Hope that helps.
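The corrected arrangement both answers describe, written out as an added example rather than the poster's own config: CBAC inspection applied outbound so that it opens temporary return entries in ACL 103, and ACL 103 itself reduced to what genuinely has to be initiated from outside. The interface name, the inspection rule definitions, and the VPN peer address are assumptions; the original post shows only the interface lines.

```cisco
! Added example, not the poster's running config.
! The "standard" inspection rule is not shown in the post; it is assumed
! to cover the generic protocols plus FTP (which needs its own inspector
! because the data channel changes ports).
ip inspect name standard tcp
ip inspect name standard udp
ip inspect name standard icmp
ip inspect name standard ftp
!
! Hypothetical interface name; the post does not give one.
! "ip inspect standard out" watches sessions leaving the network and
! adds dynamic entries that let only their return traffic through ACL 103.
interface FastEthernet0/0
 description BrightHouse cable $FW_OUTSIDE$
 ip address x.x.x.254 255.255.255.252
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 ip nbar protocol-discovery
 ip inspect standard out
 ip route-cache flow
 no cdp enable
 crypto map myset
!
! ACL 103: only traffic that must start from outside. Here that is IKE and
! ESP from the VPN failover peer (placeholder address) and echo replies.
! Everything else is denied and reaches the inside only through the
! dynamic entries CBAC creates for inside-initiated sessions.
access-list 103 permit udp host <VPN_PEER> host x.x.x.254 eq isakmp
access-list 103 permit udp host <VPN_PEER> host x.x.x.254 eq non500-isakmp
access-list 103 permit esp host <VPN_PEER> host x.x.x.254
access-list 103 permit icmp any host x.x.x.254 echo-reply
access-list 103 deny ip any any log
```

After the change, `show ip inspect sessions` should list inside-initiated sessions while a host inside is browsing, and the `deny ip any any log` line of `show ip access-lists 103` should count only unsolicited inbound traffic.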