In this table, when NAT performs the global to local, or local to
global, translation is different in each flow.
Inside-to-Outside
|
Outside-to-Inside
|
-
If IPSec then check input access list
-
decryption - for CET (Cisco Encryption Technology) or IPSec
-
check input access list
-
check input rate limits
-
input accounting
-
redirect to web cache
-
policy routing
-
routing
-
NAT inside to outside (local to global
translation)
-
crypto (check map and mark for encryption)
-
check output access list
-
inspect (Context-based Access Control
(CBAC))
-
TCP intercept
-
encryption
-
Queueing
|
-
If IPSec then check input access list
-
decryption - for CET or IPSec
-
check input access list
-
check input rate limits
-
input accounting
-
redirect to web cache
-
NAT outside to inside (global to local
translation)
-
policy routing
-
routing
-
crypto (check map and mark for encryption)
-
check output access list
-
inspect CBAC
-
TCP intercept
-
encryption
-
Queueing
|
No comments:
Post a Comment