Understand the order of operations for Cisco IOS
From Teknologisk videncenter
NAT order of operations
inside-to-outside
Order of operations for the inside-to-outside list:
- If IPSec, then check input access list
- Decryption—for Cisco Encryption Technology (CET) or IPSec
- Check input access list
- Check input rate limits
- Input accounting
- Policy routing
- Routing
- Redirect to Web cache
- NAT inside to outside (local to global translation)
- Crypto (check map and mark for encryption)
- Check output access list
- Inspect context-based access control (CBAC)
- TCP intercept
- Encryption
outside-to-inside
Order of operations for the outside-to-inside list:
- If IPSec, then check input access list
- Decryption—for CET or IPSec
- Check input access list
- Check input rate limits
- Input accounting
- NAT outside to inside (global to local translation)
- Policy routing
- Routing
- Redirect to Web cache
- Crypto (check map and mark for encryption)
- Check output access list
- Inspect CBAC
- TCP intercept
- Encryption
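The practical consequence of the two lists above is which address form each access list must be written against: the input access list is always checked before NAT, and the output access list always after it. The following is an added example, not part of the original page, that walks a packet through the address-relevant stages in the page's order; the static one-to-one mapping, the addresses, and the function names are constructed assumptions.

```python
"""Model of where ACL checks fall relative to NAT in the two lists above."""

# Constructed static mapping: inside local address <-> inside global address.
LOCAL, GLOBAL = "10.1.1.10", "203.0.113.10"
CLIENT = "198.51.100.7"  # constructed outside host

# Only the stages from the page's lists that read or rewrite addresses,
# kept in the page's order; all other stages are omitted from this model.
ORDER = {
    "inside-to-outside": ["input_acl", "routing", "nat", "output_acl"],
    "outside-to-inside": ["input_acl", "nat", "routing", "output_acl"],
}

def translate(direction, src, dst):
    """Static NAT: rewrite the source going out, the destination coming in."""
    if direction == "inside-to-outside":
        return (GLOBAL if src == LOCAL else src), dst
    return src, (LOCAL if dst == GLOBAL else dst)

def walk(direction, src, dst):
    """Return {acl_stage: (src, dst)} as each ACL check sees the packet."""
    seen = {}
    for stage in ORDER[direction]:
        if stage == "nat":
            src, dst = translate(direction, src, dst)
        elif stage.endswith("_acl"):
            seen[stage] = (src, dst)
    return seen

def acl_permits(entries, view):
    """entries: (src, dst) pairs, 'any' is a wildcard; implicit deny at end."""
    return any(s in ("any", view[0]) and d in ("any", view[1])
               for s, d in entries)

def audit(direction, src, dst, stage, entries):
    """Does the ACL applied at `stage` permit this packet?"""
    return acl_permits(entries, walk(direction, src, dst)[stage])

if __name__ == "__main__":
    flows = {"inside-to-outside": (LOCAL, CLIENT),
             "outside-to-inside": (CLIENT, GLOBAL)}
    for direction, (src, dst) in flows.items():
        print(direction, walk(direction, src, dst))
```

An input access list on the outside interface written against the local address never matches, because the packet still carries the global address when that check runs.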
QoS Order of Operations
The Quality of Service (QoS) order of operations is another important list to know. It only matters if you use QoS, but if you do, you need to be familiar with it.
Inbound traffic order of operations
- QoS Policy Propagation through Border Gateway Protocol (BGP)—or QPPB
- Input common classification
- Input ACLs
- Input marking—class-based marking or Committed Access Rate (CAR)
- Input policing—through a class-based policer or CAR
- IPSec
- Cisco Express Forwarding (CEF) or Fast Switching
Outbound traffic order of operations
- CEF or Fast Switching
- Output common classification
- Output ACLs
- Output marking
- Output policing—through a class-based policer or CAR
- Queueing: Class-Based Weighted Fair Queueing (CBWFQ) and Low Latency Queueing (LLQ), and Weighted Random Early Detection (WRED)