Configure CBAC on R5 for traffic going to the Internet. Apply outbound inspection on Ethernet0.
Configure ingress ACL 101 on Internet link Ethernet0 to protect from RFC1918. See Example 3-26.
Modify CBAC thresholds for TCP and UDP idle-time to 30 minutes and 15 seconds respectively. See Example 3-26.
Tune the firewall to start deleting half-open sessions at 1000 and stop when the connection drops to 800 sessions. See Example 3-26.
!Snip from R5 ip inspect max-incomplete high 1000 ip inspect max-incomplete low 800 ip inspect one-minute high 1000 ip inspect one-minute low 800 ip inspect udp idle-time 15 ip inspect tcp idle-time ...