29 November 2010

IOS NAT: Order of Operations

Understand NAT Order of Operations in IOS
Inside to Outside



  1. If IPsec, check input access list
  2. Decryption for CET (Cisco Encryption Technology) or IPsec
  3. Check input access list
  4. Check input rate limits
  5. Input accounting
  6. Inspect
  7. Policy routing
  8. Routing
  9. Redirect to web cache
  10. NAT inside to outside (local-to-global translation)
  11. Crypto (check map and mark for encryption)
  12. Check output access list
  13. Inspect
  14. TCP intercept
  15. Encryption

Outside to Inside



  1. If IPsec, check input access list
  2. Decryption for CET or IPsec
  3. Check input access list
  4. Check input rate limits
  5. Input accounting
  6. Inspect
  7. NAT outside to inside (global-to-local translation)
  8. Policy routing
  9. Routing
  10. Redirect to web cache
  11. Crypto (check map and mark for encryption)
  12. Check output access list
  13. Inspect
  14. TCP intercept
  15. Encryption

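Notice that the order of routing and NAT is reversed depending on the direction of the traffic: inside to outside, routing happens before NAT; outside to inside, NAT happens before routing.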
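The ordering decides which address an access list, a route lookup or a crypto map has to match. The following is an added example, not part of the original post: a small Python model that replays both step lists and records the source and destination each step sees. The addresses, the static mapping and the function names are constructed for illustration.

```python
# Added illustration: replays the two step lists and records the addresses
# each step sees. The addresses and the static mapping are constructed.
COMMON_IN = ["ipsec input acl", "decryption", "input acl",
             "input rate limits", "input accounting", "inspect"]
FORWARD = ["policy routing", "routing", "web cache redirect"]
COMMON_OUT = ["crypto map check", "output acl", "inspect",
              "tcp intercept", "encryption"]
ORDER = {
    "inside-to-outside": COMMON_IN + FORWARD + ["nat"] + COMMON_OUT,
    "outside-to-inside": COMMON_IN + ["nat"] + FORWARD + COMMON_OUT,
}

STATIC_NAT = {"10.1.1.10": "203.0.113.10"}  # inside local -> inside global

def trace(direction, src, dst):
    """Return [(step_no, step, src, dst)] for one packet in one direction."""
    to_local = {g: l for l, g in STATIC_NAT.items()}
    seen = []
    for n, step in enumerate(ORDER[direction], 1):
        if step == "nat":  # the row for this step shows the translated packet
            if direction == "inside-to-outside":
                src = STATIC_NAT.get(src, src)   # local-to-global on source
            else:
                dst = to_local.get(dst, dst)     # global-to-local on destination
        seen.append((n, step, src, dst))
    return seen

def seen_by(direction, step, src, dst):
    """Addresses seen at every occurrence of a step (inspect runs twice)."""
    return [(s, d) for _, name, s, d in trace(direction, src, dst)
            if name == step]

if __name__ == "__main__":
    flows = [("inside-to-outside", "10.1.1.10", "198.51.100.7"),
             ("outside-to-inside", "198.51.100.7", "203.0.113.10")]
    for direction, src, dst in flows:
        print(direction)
        for n, step, s, d in trace(direction, src, dst):
            print(f"  {n:2}. {step:18} src={s:13} dst={d}")
```

In this model an inbound access list on the outside interface has to match the global address, while the outbound access list and the crypto map check on inside-to-outside traffic see the already translated source.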


