
Posts Tagged ‘Cisco Packet Processing Sequence’

Here is a little something that I have found helpful when troubleshooting network problems: a chart that shows the order in which a packet is processed on an interface of a Cisco router/firewall. For example, it can be handy to know that NAT is applied outbound prior to hitting an output ACL. As usual, it is kind of difficult to locate this on the Cisco documentation website, so I include it here for those who, like me, want a quick way to find it in a pinch.

Inside-to-Outside (LAN to WAN)

  • If IPSec then check input access list
  • decryption – for CET (Cisco Encryption Technology) or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • policy routing
  • routing
  • redirect to web cache
  • WAAS application optimization
  • NAT inside to outside (local to global translation)
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect (Context-based Access Control (CBAC))
  • TCP intercept
  • encryption
  • Queueing
  • MPLS VRF tunneling (if MPLS WAN deployed)

Outside-to-Inside (WAN to LAN)

  • MPLS tunneling (if MPLS WAN deployed)
  • decryption – for CET or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • NAT outside to inside (global to local translation)
  • policy routing
  • routing
  • redirect to web cache
  • WAAS application optimization
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect CBAC
  • TCP intercept
  • encryption
  • Queueing
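
The ordering above decides which address an interface ACL has to match. The following IOS configuration is an added example, not part of the original post or of Cisco's documentation; the interface names, ACL names and addresses (inside server 10.1.1.10, static global address 203.0.113.10) are constructed lab values.

```cisco
! Constructed lab values: inside server 10.1.1.10, static global 203.0.113.10
interface GigabitEthernet0/0
 description LAN side
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description WAN side
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group WAN-IN in
 ip access-group WAN-OUT out
!
ip nat inside source static 10.1.1.10 203.0.113.10
!
! WAN to LAN: "check input access list" comes before "NAT outside to inside",
! so the destination is still the global address when WAN-IN is evaluated.
ip access-list extended WAN-IN
 remark match the global (pre-translation) destination
 permit tcp any host 203.0.113.10 eq 443
 deny ip any any log
!
! LAN to WAN: "NAT inside to outside" comes before "check output access list",
! so the source is already the global address when WAN-OUT is evaluated.
ip access-list extended WAN-OUT
 remark match the global (post-translation) source
 permit tcp host 203.0.113.10 eq 443 any
 deny ip any any log
!
! An entry written against the local address never matches on this interface:
!  permit tcp host 10.1.1.10 eq 443 any
```

The hit counters in `show ip access-lists`, read alongside `show ip nat translations`, confirm which form of the address each ACL actually saw.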
