The following steps of the Network Address Translation (NAT) order of operation typically occur before inside-to-outside translation but after outside-to-inside translation:
- Policy routing
- IP routing

NAT enables a network to communicate with a separate network, such as the Internet, by translating traffic from IP addresses on the local network to another set of IP addresses that can communicate with the remote network. NAT inside-to-outside translation, which is also known as local-to-global translation, occurs when the NAT router maps an inside network source IP address to an outside network source IP address before forwarding the packet to the next hop. When a NAT router performs NAT inside-to-outside translation, the following operations occur in order:
1. If IP Security (IPSec) is implemented, check inbound access list
2. Decryption
3. Check inbound access list
4. Check inbound rate limits
5. Inbound accounting
6. Redirect to web cache
7. Policy routing
8. IP routing
9. NAT inside-to-outside translation
10. Check crypto map and mark for encryption
11. Check outbound access list
12. Inspect Contextbased Access Control (CBAC)
13. Transmission Control Protocol (TCP) intercept
14. Encryption
15. Queueing

NAT outside-to-inside translation, which is also known as global-to-local translation, occurs when the NAT router maps an outside destination IP address to an inside destination IP address. When a NAT router performs NAT outside-to-inside translation, the following operations occur in order:
1. If IPSec is implemented, check inbound access list
2. Decryption
3. Check inbound access list
4. Check inbound rate limits
5. Inbound accounting
6. Redirect to web cache
7. NAT outsidetoinside translation
8. Policy routing
9. IP routing
10. Check crypto map and mark for encryption
11. Check outbound access list
12. Inspect CBAC
13. TCP intercept
14. Encryption
15. Queueing

Other than the policy routing and IP routing steps, the other steps in the NAT order of operation are the same for insidetooutside NAT and outsidetoinside NAT.
Checking inbound access lists, rate limits, and accounting are performed before insidetooutside address translation and before outsidetoinside address translation.
Checking outbound access lists, inspecting CBAC, encryption, and queuing are performed after insidetooutside address translation and after outside-to-inside address translation.