Without NAT, the order is easy:
1. Incoming ACL
2. Routing Process
3. Outgoing ACL
At what step does the "average source NAT" take place?
Scenario: A typical SOHO where you would translate a complete LAN to a single public IP (inside global) on your WAN interface.
Is it before the Incoming ACL, i.e. step 0? Or is it after the Incoming ACL, i.e. step "1.5"?
For example, if you want to filter traffic by the source address, any outgoing ACL on the WAN interface would have to use the already translated address. So far, so good. But what about the Incoming ACL on the LAN interface? Will it have to match the non-translated source addresses or the translated addresses?
Thanks in advance,
It depends on whether the traffic is going from outside to inside or from inside to outside. Have a look at the attached document. Hopefully it will answer your questions.