Network Address Translation (NAT) is fairly easy to implement but because it is intricately integrated into so many security implementations, it can be tricky to troubleshoot. We will focus on NAT's implementation on Cisco routers in this section. We will talk about NAT issues on the PIX in a later section.
The first thing to be aware of when troubleshooting NAT is the order in which NAT takes place. Understanding this can eliminate many problems. Table 24-1 lists the order of operations of various features vis-á-vis NAT. “Inside” is generally the private network behind the router, and “outside” is the network on the public side of the router.