Introduction to Firewalls

Hello Michael

First of all, we apologise for the late response. This is an excellent question, and thank you for sharing it with us.

It all has to do with order of operations. The standard document that is usually provided for order of operations regarding NAT is the following:

Based on this, the inside to outside and outside to inside orders are different. This means that when the traffic returns, it first goes through a NAT outside to inside translation and then goes through the policy routing, in which your policy maps are included. So the policy routing will take place after the NAT translation. So to answer this question:

… is that first the NAT translation occurs, then the policy routing which is based on the ACL which contains the internal IP address, that is, the translated IP address of the host in question.

I hope this has been helpful!

Laz

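Added example (not part of the original reply): a minimal Python model of the two stages discussed above, showing why a policy-routing ACL written against the public address never matches return traffic while one written against the internal address does. The addresses, NAT entry and ACLs are constructed, and the inside-to-outside order (policy routing before NAT) is assumed from Cisco's published NAT order of operations, which the reply refers to but does not spell out.

```python
import ipaddress

# Constructed values: documentation address ranges, not from the original post.
NAT_TABLE = {"203.0.113.10": "10.1.1.10"}  # public address -> internal address
ORDER = {
    "outside_to_inside": ("nat", "policy_routing"),
    "inside_to_outside": ("policy_routing", "nat"),
}

def acl_permits(acl, pkt):
    """Return True if any (src_net, dst_net) ACL entry matches the packet."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    return any(src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
               for s, d in acl)

def process(pkt, direction, acl):
    """Run NAT and policy routing in the order for this direction.

    Returns (packet after both stages, whether the policy-routing ACL matched).
    """
    pkt = dict(pkt)  # work on a copy so the caller's packet is unchanged
    matched = False
    for stage in ORDER[direction]:
        if stage == "policy_routing":
            matched = acl_permits(acl, pkt)
        elif direction == "outside_to_inside":
            # Return traffic: destination is rewritten public -> internal.
            pkt["dst"] = NAT_TABLE.get(pkt["dst"], pkt["dst"])
        else:
            # Outbound traffic: source is rewritten internal -> public.
            to_public = {v: k for k, v in NAT_TABLE.items()}
            pkt["src"] = to_public.get(pkt["src"], pkt["src"])
    return pkt, matched

ANY = "0.0.0.0/0"
RETURN_PKT = {"src": "198.51.100.7", "dst": "203.0.113.10"}
OUTBOUND_PKT = {"src": "10.1.1.10", "dst": "198.51.100.7"}

if __name__ == "__main__":
    for label, acl in (("public", [(ANY, "203.0.113.10/32")]),
                       ("internal", [(ANY, "10.1.1.10/32")])):
        pkt, hit = process(RETURN_PKT, "outside_to_inside", acl)
        print(f"return traffic, ACL on {label} address: matched={hit}, dst={pkt['dst']}")
    pkt, hit = process(OUTBOUND_PKT, "inside_to_outside", [("10.1.1.10/32", ANY)])
    print(f"outbound traffic, ACL on internal address: matched={hit}, src={pkt['src']}")
```

In this model the policy-routing ACL sees the internal address in both directions, so an entry that names the public address matches neither.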