Order of Operations

This section describes the order of operations for both inside-to-outside and outside-to-inside translation.

Inside-to-Outside Translation

Inside-to-outside translation occurs in the following order:

  1. Inside (privately addressed) traffic enters the router on an interface marked as inside.
  2. A route lookup is performed.
  3. If the next interface is marked as outside, the router sends the traffic to the server module.
  4. The server module performs the appropriate translation.
  5. The router forwards the packet to the appropriate egress line module.
  6. The line module sends the packet as outbound traffic using a globally unique source address (inside source translation), destination address (outside source translation), and ports (NAPT).

Outside-to-Inside Translation

Outside-to-inside translation occurs in the following order:

  1. Traffic from the outside, public domain enters the router.
  2. All traffic from an interface that is marked outside, whether or not it requires NAT, is sent to the server module.
  3. The server module searches for an associated NAT match.
  4. If the server module:
    • Finds a NAT match, and the destination interface is marked as inside, the server module performs the appropriate translation and sends the packet to the appropriate destination.
    • Does not find a NAT match, and the destination interface is marked as inside, the server module drops the packet.
    • Does not find a NAT match, and the destination interface is not marked as inside, the server module processes the packet normally for its destination.