I was not able to find enough documentation about ASA's internal order of operation so after testing with packet-tracer I made 2 flow charts.
I am open to any recommendations in order to fix/improve the 2 charts (for example I want to add the VPN encrypt/decrypt phases, but I haven't tested yet).
I would also like to confirm the following lists:
INSIDE -> OUTSIDE
1. Route Lookup
2. RPF (Antispoofing)
4. Source NAT
OUTSIDE -> INSIDE
1. RPF (Antispoofing)
3. UN-NAT (Destination NAT)
4. Route lookup
you can test it via packettracer
The best resource for that I can recommend is:
Cisco Live presentation: Troubleshooting Firewalls - go to ciscolivevirtual.com for that
Cisco Press book: Cisco Firewalls
I posted this a few months ago, i hope it can help.
Register for free now.