I've been thinking about this qn as i'm quite confised with it with other firewall such as cyberguard TSP.
Does ASA/PIX perform NAT first then the rules or vice versa. From the cert studies material. It seems to be Rules first then NAT. An exam ple will be outside public having access into ur internal host using the public IP (NAT ip of the internal host)
For the Cyberguard TSP, its the other way, it NAT first then process the rules. the rules i have configure and work for public to access my internal host is like "allow public_ip_address to private_ip_address usin_the_tcp_port"
Please help to answer my query,