IOS Firewalls require relatively few steps to set up. Therefore, misconfigurations are few and far between. This section looks at some of the issues that can cause the IOS Firewall to behave unexpectedly.
As with NAT, understanding at what point in a packet's path CBAC kicks in and how the access lists are processed can make implementing a firewall much easier and more trouble-free. Table 24-5 shows the order in which various packets pass through the router. “Inside” is generally the private network behind the router, and “outside” is the network on the public side of the router.