Are you trying to allow inbound or outbound access on your access-list 121? From what i read, it seems more for outbound than inbound access, please kindly confirm.
If it's for outbound access, you would either need to apply the access-list on the LAN interface (in direction), or on the WAN interface (out direction).
access-list 121 is for inbound access (from internet)
- access-group 121 in
inspect rule is applied on the same interface outbound
-ip inspect myfw out
Thank you Jennifer for confirming,
I have also another question about my second wan interface, I have 2 isp, wan2 is my vpn connection to branch office and wan1 is my internet access (with cbac on it - that is sorted now), now after wan1 is sorted I want also some sort of security on my vpn connection, what would be the best way to secure that connection, can I just apply
something like that on both sides ?
access-list 122 permit ip LAN1 LAN2