| [ LiB ] |   |
NAT Order of Operation
As noted, NAT is based on whether a packet goes from your inside network to your outside network or from your outside network to your inside network. Table 12-1 illustrates the processing order in relation to where the packet originates. Note that when NAT performs the global-to-local or local-to-global translation, it is different in each flow.
Inside-to-Outside | Outside-to-Inside |
|---|---|
1. If IPSec, check the input access list 2. Decryptionfor CET (Cisco Encryption Technology) or IPSec 3. Check the input access list 4. Check the input rate limits 5. Input accounting 6. Inspect 7. Policy routing 8. Routing 9. Redirect to the web cache 10. NAT inside-to-outside (local-to-global translation) 11. Crypto (check the map and mark it for encryption) 12. Check the output access list 13. Inspect 14. TCP intercept 15. Encryption | 1. If IPSec, check the input access list 2. Decryptionfor CET or IPSec 3. Check the input access list 4. Check the input rate limits 5. Input accounting 6. Inspect 7. NAT outside-to-inside (global-to-local translation) 8. Policy routing 9. Routing 10. Redirect to the web cache 11. Crypto (check the map and mark it for encryption) 12. Check the output access list 13. Inspect 14. TCP intercept 15. Encryption |
As you can see from Table 12-1, NAT occurs after the router processes several items. NAT inside-to-outside also occurs in a different place than NAT outside-to-inside.
| [ LiB ] | |