I'm curious about a strange FW behavior. If I use the following command:
no ip access-group 108 in
make some adjustments to the ACL, and then enable the access-list again with the command:
ip access-group 108 in
Just a thought...
I wonder if the application of the ACL on the interface after a TCP connection is established doesn't recognize the start of the session and maybe thinks it's 'half open' and drops it?