outbound on Fa 4/0. The "reflect REMEMBER" keyword creates a reflexive ACL called "REMEMBER" that we can evaluate from a second ACL applied inbound.
ip access-list extended GOING-OUT
permit tcp any any reflect REMEMBER
permit udp any any reflect REMEMBER
permit icmp any any reflect REMEMBER
deny ip any any log
exit
interface fa 4/0
ip access-group GOING-OUT out
do show access-list
ip access-list extended COMING-IN
evaluate REMEMBER
deny ip any any log
exit
int fa 4/0
ip access-group COMING-IN in
exit
do show access-list
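
An added example, not part of the original page and not IOS code: a small Python model of what the GOING-OUT / COMING-IN pair does with the REMEMBER list. The addresses, the 300-second idle timeout (the IOS default, assumed unchanged), the timer refresh on return traffic and treating ICMP as a flow with ports 0 are assumptions of the model; TCP FIN/RST teardown is not modeled.

```python
from dataclasses import dataclass

REFLECTED = {"tcp", "udp", "icmp"}  # protocols GOING-OUT permits with "reflect REMEMBER"
IDLE_TIMEOUT = 300                  # seconds; assumed default idle timeout for reflexive entries

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int   # use 0 for ICMP (simplification of this model)
    dst: str
    dport: int

class ReflexiveAcl:
    def __init__(self):
        self.remember = {}  # mirrored flow -> time it was last seen

    def going_out(self, pkt, now):
        """GOING-OUT, applied outbound on the outside interface."""
        if pkt.proto not in REFLECTED:
            return "deny"                         # deny ip any any log
        # "reflect": store the flow with source and destination swapped
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.remember[mirror] = now
        return "permit"

    def coming_in(self, pkt, now):
        """COMING-IN, applied inbound: evaluate REMEMBER, then deny."""
        last = self.remember.get(pkt)
        if last is not None and now - last <= IDLE_TIMEOUT:
            self.remember[pkt] = now              # matching traffic keeps the entry alive
            return "permit"
        self.remember.pop(pkt, None)              # expired entries are dropped
        return "deny"                             # deny ip any any log

def demo():
    acl = ReflexiveAcl()
    # Constructed sample packets (documentation address ranges)
    out = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
    probe = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 22)
    return [
        acl.coming_in(reply, 0),                     # nothing remembered yet
        acl.going_out(out, 1),                       # creates the mirrored entry
        acl.coming_in(reply, 2),                     # matches REMEMBER
        acl.coming_in(probe, 3),                     # same hosts, different port
        acl.coming_in(reply, 2 + IDLE_TIMEOUT + 1),  # entry has idled out
    ]

if __name__ == "__main__":
    print(demo())
```
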
Context Based Access Control
conf t
! Deny any initial inbound traffic
ip access-list extended DENY
deny ip any any log
int fa 4/0
ip access-group DENY in
exit
! Create a Context Based Access Control
! (CBAC) inspection rule to remember
! TCP, UDP and ICMP
ip inspect name REMEMBER TCP
ip inspect name REMEMBER UDP
ip inspect name REMEMBER ICMP
! Apply the inspection rule outbound
! on Fa 4/0
int fa 4/0
ip inspect REMEMBER out
exit
do show ip inspect interfaces