Hello Johan, When we configure
*ip inspect name test udp router-traffic* and apply it outbound on s0/1/0 , this matches the udp traffic that is geneated by the router and creates dynamic openings for the return traffic. In this case, when the router generate NTP requests, sessions are created in the router and the returning Response is allowed , despite the interface ACL blocking it. Cheers, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
