Is the default gateway of the 8.8.8.8 server 8.8.8.1?
Can 8.8.8.8 ping 203.1.1.1?

Which router your traffic is routed out of can you see if traffic is being natted? Ping from one of the PCs and run "show ip nat translations" on the router that traffic is routed through

Yes it can ping 203.1.1.1 and the default gateway is 8.8.8.1

Which router your traffic is routed out of can you see if traffic is being natted? Ping from one of the PCs and run "show ip nat translations" on the router that traffic is routed through

What is the output??

Is that traffic going out of that router you've displayed the ip nat translations for? I'd expect to see a translation for the icmp traffic.

Which router is the primary? Please show the output of "show standby"

Router#show standby
FastEthernet0/1 - Group 1
State is Active
5 state changes, last state change 00:00:27
Virtual IP address is 10.1.11.12
Active virtual MAC address is 0000.0C07.AC01
Local virtual MAC address is 0000.0C07.AC01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.993 secs
Preemption enabled
Active router is local
Standby router is 10.1.11.11, priority 100 (expires in 6 sec)
Priority 110 (configured 110)
Group name is hsrp-Fa0/1-1 (default)

Please upload the running-config

Router#show running-config
Building configuration...

Current configuration : 2205 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Router
!
!
!
enable secret 5 $1$mERr$Hx2QiWoH8y5il7TEorRvk/
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
ip address 10.1.11.10 255.255.255.0
ip nat inside
duplex auto
speed auto
standby 1 ip 10.1.11.12
standby 1 priority 110
standby 1 preempt
!
interface Serial1/0
ip address 203.1.1.2 255.255.255.0
ip access-group WAN_ACL in
ip nat outside
!
interface Serial1/1
no ip address
clock rate 2000000
shutdown
!
interface Serial1/2
no ip address
clock rate 2000000
shutdown
!
interface Serial1/3
no ip address
clock rate 2000000
shutdown
!
interface Serial1/4
no ip address
clock rate 2000000
shutdown
!
interface Serial1/5
no ip address
clock rate 2000000
shutdown
!
interface Serial1/6
no ip address
clock rate 2000000
shutdown
!
interface Serial1/7
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 100 interface Serial1/0 overload
ip nat inside source static tcp 10.1.11.20 25 203.1.1.2 25
ip nat inside source static tcp 10.1.11.20 143 203.1.1.2 143
ip nat inside source static tcp 10.1.11.20 993 203.1.1.2 993
ip classless
ip route 0.0.0.0 0.0.0.0 203.1.1.1
ip route 10.1.20.0 255.255.255.0 10.1.11.1
!
ip flow-export version 9
!
!
ip access-list extended WAN_ACL
permit tcp any host 203.1.1.2 eq smtp
permit tcp any host 203.1.1.2 eq 993
permit tcp any host 203.1.1.2 eq 443
permit tcp any host 203.1.1.2 eq 143
permit udp any host 203.1.1.2 eq 443
permit tcp any host 203.1.1.2 eq domain
permit udp any host 203.1.1.2 eq domain
permit icmp any any echo-reply
permit icmp any any unreachable
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.0.15.255 any
deny ip any any
!
no cdp run
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

Ok fine, the return traffic is denied by the ACL (an ACL is not stateful, so return traffic must be defined).

Add (above the deny ip any any rule)

ip access-list extended WAN_ACL
permit tcp any eq 80 host 203.1.1.2

A stateful firewall in this instance would be better (in the real world), this allows return traffic without having to explicitly permit the return traffic.

how can I add above the deny ip any any rule

If you run the command "show ip access-list WAN_ACL"

 

BRANCH-1-RTR(config)#do sh ip access-list WAN_ACL
Extended IP access list WAN_ACL
    10 permit tcp any host 2.2.2.1 eq www (6 matches)
    20 deny ip any any log (299 matches)

Have a look at the sequence numbers, you would then add a sequence number lower than 20, E.g:

 

BRANCH-1-RTR(config)#15 permit icmp any host 2.2.2.1

 

BRANCH-1-RTR#show ip access-lists WAN_ACL
Extended IP access list WAN_ACL
    10 permit tcp any host 2.2.2.1 eq www (6 matches)
    15 permit icmp any host 2.2.2.1 (4 matches)
    20 deny ip any any log-input (327 matches)

 

It is not showing Sequence number

Router(config)#do sh ip access-list WAN_ACL
Extended IP access list WAN_ACL
permit tcp any host 203.1.1.2 eq smtp
permit tcp any host 203.1.1.2 eq 993
permit tcp any host 203.1.1.2 eq 443
permit tcp any host 203.1.1.2 eq 143
permit udp any host 203.1.1.2 eq 443
permit tcp any host 203.1.1.2 eq domain
permit udp any host 203.1.1.2 eq domain
permit icmp any any echo-reply
permit icmp any any unreachable
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.0.15.255 any
deny ip any any

Hello RJI I know this topic is different from this one but I shall be grateful if you kindly give me an idea

 

Attach is the image file showing server having two different NIC connected to two different Layer 2 switch. Now my query

 

1) How in packet tracer we can use NIC teaming in server

2) if suppose one link goes down how it can transfer it to other link as shown in the image file