Cisco: Package Processing "In Complex Configurations"
I regularly encounter the problem of remembering the sequence
the package is being processed at Cisco, respectively, and also regularly looking for this document
Maybe it will be useful to someone other than me:
Inside-to-Outside Package
')
Outside-to-Inside package
Retrieved from Cisco Document ID: 6209
the package is being processed at Cisco, respectively, and also regularly looking for this document
Maybe it will be useful to someone other than me:
Inside-to-Outside Package
- if ipsec then check input access list
- decryption - for CET (Cisco EncryptionTechnology) or IPSec
- check input access list
- check input rate limits
- input accounting
- policy routing
- routing
- redirect to web cache
- NAT inside to outside (local to global translation)
- crypto (check map and mark for encryption)
- check output access list
- inspect (Context − based Access Control (CBAC))
- TCP intercept
- encryption
- queuing
')
Outside-to-Inside package
- if ipsec then check input access list
- decryption - for CET or IPSec
- check input access list
- check input rate limits
- input accounting
- NAT outside to inside (global to local translation)
- policy routing
- routing
- redirect to web cache
- crypto (check map and mark for encryption)
- check output access list
- inspect CBAC
- TCP intercept
- encryption
- queuing
Retrieved from Cisco Document ID: 6209
Source: https://habr.com/ru/post/51139/
All Articles