Order of operations on interfaces

Here’s the order of operations for the inside-to-outside list:

  • If IPSec, then check input access list
  • Decryption—for Cisco Encryption Technology (CET) or IPSec
  • Check input access list
  • Check input rate limits
  • Input accounting
  • Policy routing
  • Routing
  • Redirect to Web cache
  • NAT inside to outside (local to global translation)
  • Crypto (check map and mark for encryption)
  • Check output access list
  • Inspect context-based access control (CBAC)
  • TCP intercept
  • Encryption

Here’s the order of operations for the outside-to-inside list:

  • If IPSec, then check input access list
  • Decryption—for CET or IPSec
  • Check input access list
  • Check input rate limits
  • Input accounting
  • NAT outside to inside (global to local translation)
  • Policy routing
  • Routing
  • Redirect to Web cache
  • Crypto (check map and mark for encryption)
  • Check output access list
  • Inspect CBAC
  • TCP intercept
  • Encryption

Source:

http://articles.techrepublic.com.com/5102-1035-6055946.html

Leave a Reply