Greetings from a Newb
So far what I have works from the router but fails from computer.
Setup:
3448 siting on my desk
Eth 0/1 is plugged into comcast modem and using 1 of our static public IPs
Eth 0/2 is plugged into our local network and using a static private and is routed out a DSL connection.
I do a traceroute from router to 8.8.8.8 it routes out the comcast modem as expected
I unplug eth 0/1
I see the state go to fail
I do a traceroute from router to 8.8.8.8 it routes out the DSL modem as expected.
I plug eth 0/1 back in
I do a traceroute from router to 8.8.8.8 it routes out the comcast modem as expected
I do a traceroute from laptop to 8.8.8.8 it routes out the comcast modem as expected
I unplug eth 0/1
I see the state go to fail
I do a traceroute from laptop to 8.8.8.8 it gets to the VLAN interface 192.168.1.1 then times out 
.
I think it has something to do with the firewall or NAT but can't see it for the life of me
.
Here is some relevant info:
ip local policy route-map LOCAL
!
ip firewall
ip firewall fast-nat-failover
!
probe Charter icmp-echo
destination 173.X.X.94
source-address 173.X.X.91
period 3
tolerance consecutive fail 3 pass 3
no shutdown
!
track Charter
snmp trap state-change
test if probe Charter
no shutdown
!
interface eth 0/1
description Charter Connection
ip address 173.X.X.91 255.255.255.248
ip access-policy Public
ip flow egress
media-gateway ip primary
no awcp
no shutdown
!
!
interface eth 0/2
description Backup
ip address 192.168.99.99 255.255.255.0 (this is a test IP that is on my existing network would be change to a public in real world)
ip mtu 1500
ip access-policy Public_Backup
no shutdown
!
!
!
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ip access-policy Private
ip flow egress
no awcp
no shutdown
!
!
!
route-map LOCAL permit 10
match ip address Charter
set ip next-hop 192.168.99.249
set interface eth 0/2
!
!
!
!
ip access-list standard Backup_ICS
permit any
!
ip access-list standard wizard-ics
remark Internet Connection Sharing
permit any
!
!
ip access-list extended Audio_ACL
permit udp any any log
!
ip access-list extended Charter
permit icmp host 192.168.1.1 host X.X.X.X
!
ip access-list extended self
remark Traffic to NetVanta
permit ip any any log
!
ip access-list extended Signal_ACL
permit udp any any eq 5060 log
permit tcp any any eq 5061 log
!
ip access-list extended web-acl-10
remark TCP_UDP_5060_5061
permit tcp 208.X.X.0 0.0.0.255 any range 5060 5061 log
permit udp 208.X.X.0 0.0.0.255 any range 5060 5061 log
!
ip access-list extended web-acl-11
remark RTP fwd
permit udp X.X.62.0 0.0.0.255 any range X X log
!
ip access-list extended web-acl-12
remark XXX
permit tcp any any eq XXXX log
!
ip access-list extended web-acl-13
remark XXX
permit tcp any any eq XXXX log
!
ip access-list extended web-acl-14
remark DIM
permit tcp any any eq XXXX log
!
ip access-list extended web-acl-15
remark Admin
permit tcp any any eq https log
permit tcp any any eq ssh log
permit icmp any any echo log
!
ip access-list extended web-acl-16
remark To_NetVanta
permit ip any any log
!
ip access-list extended web-acl-17
remark NAT_Backup
permit ip any any
!
ip access-list extended web-acl-3
remark Admin Access
permit tcp any any eq https log
permit tcp any any eq ssh log
permit icmp any any echo log
!
!
!
!
ip policy-class Private
allow list self self
nat source list wizard-ics interface eth 0/1 overload
nat source list Backup_ICS interface eth 0/2 overload
!
ip policy-class Public
allow list web-acl-3 self
nat destination list web-acl-12 address 192.168.1.250 port XX
nat destination list web-acl-10 address 192.168.1.250
nat destination list web-acl-11 address 192.168.1.251
nat destination list web-acl-13 address 192.168.1.250
nat destination list web-acl-14 address 192.168.1.250
!
ip policy-class Public_Backup
allow list web-acl-15 self
!
!
!
ip route 0.0.0.0 0.0.0.0 173.X.X.94 track Charter
ip route 0.0.0.0 0.0.0.0 192.168.99.1 10
!
Accepted Solutions
