Here is the NAT order of operation:
Inside-to-Outside
* If IPSec then check input access list
* decryption - for CET (Cisco Encryption Technology) or IPSec
* check input access list
* check input rate limits
* input accounting
* policy routing
* routing
* redirect to web cache
* NAT inside to outside (local to global translation)
* crypto (check map and mark for encryption)
* check output access list
* inspect (Context-based Access Control (CBAC))
* TCP intercept
* encryption
Outside-to-Inside
* If IPSec then check input access list
* decryption - for CET or IPSec
* check input access list
* check input rate limits
* input accounting
* NAT outside to inside (global to local translation)
* policy routing
* routing
* redirect to web cache
* crypto (check map and mark for encryption)
* check output access list
* inspect CBAC
* TCP intercept
* encryption
Here's the link it's taken from:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Did it help?