Cisco 2911 Routing Issue

jaysonbroughton
Level 1

This one is a doozie and I'm willing to bet I'm just overlooking something.  I've tried beating my head against my ccna books but osmosis just isn't working.  I'm hoping someone here will just say 'psssh, you forgot this in your config'.

Here's the deal.  We picked up a Cisco 2911 Router for a project.  Without trying to give up too much information here (company policy and all over this project) what this router is trying to accomplish is splitting traffic between two separate networks.  (oh you know an ASCII diagram is coming up, you can just feel it).  The segregated network has certain servers that have to send data to Network A via routing policies, but a majority of their traffic will be going out Network B's firewall then router.  Only certain services on certain servers allowed out on Network A, the rest of the traffic goes out Network B.  Everything is hardware firewalled on the network ends as well... I'll assume that I'll have to attach an image because just the description hurts my head (try setting this up).  But here's an ASCII setup (use your imagination).

(Network A -10.0.124.X ) - Managed Switch - Checkpoint Firewall - Cisco(GigE0/2)  Cisco(GigE0/1)-Checkpoint Firewall - Cisco 1800 - Outside Network (VPN Connections). 

GigE0/0 Is connected to a Managed Switch (HP Procurve).  

GigE0/0 is: 192.168.16.1

GigE0/1 is: 192.168.17.1

GigE0/2 is: 192.168.18.1

Kept on separate subnets of course (granted I could have gone with 10.x, 172.x, 192.x but that further confuses things with this setup)

So here's the deal.  And attached is my config.  From the router itself I can get out to Network A and ping/ssh to various servers on the 10.0.124.x network; from a computer attached to GigE0/1 I cannot get past the router.  I can ping the .16.1, 17.1, 18.1 and so on and so forth with devices, but I cannot get past the router itself.  Gateway on the attached computer (switch as well) is 192.168.16.1.  I've done ACLs wide open, I've removed ACLs, I've removed NAT, I've set up NAT, I've added static routes, I've removed static routes, I've set up gateways of last resort until my eyes bled.  At this point in time gateway of last resort is 192.168.18.2 which is the interface of Checkpoint Firewall heading out to Network A just so I can get anything attached to GigE0/0 out through the network.

Why won't this route properly? I've spent the last few days with QWERTY embedded in my forehead and I know I've overlooked something silly.  If you notice right now (according to the config) GigE0/1 is currently down as it's in the Development Environment and I'm attempting to just get a computer attached to GigE0/0 to route any traffic out through GigE0/2.  Once I can get said device to route traffic out through GigE 0/2 I'll get back into access policies to route it properly.  Gateway of last resort will end up being GigE0/1 once this actually works.

Current configuration : 4333 bytes
!
! Last configuration change at 09:48:49 MDT Tue Oct 11 2011
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RT-SCRUBBED-01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 SCRUBBED
!
aaa new-model
aaa session-id common
clock timezone MST -7 0
clock summer-time MDT recurring
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
ip dhcp bootp ignore
!
!
no ip bootp server
no ip domain lookup
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-628020236
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-628020236
 revocation-check none
 rsakeypair TP-self-signed-628020236
!
!
crypto pki certificate chain TP-self-signed-628020236
 certificate self-signed 01
  <SCRUBBED>
license udi pid SCRUBBED sn SCRUBBED
!
!
username SCRUBBED privilege 15 secret 5 SCRUBBED
username SCRUBBED password 7 SCRUBBED
!
!
ip ssh time-out 30
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 description Interface To SCRUBBED Network$ES_LAN$
 ip address 192.168.16.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description Interface To Cisco 1800
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description Interface To SCRUBBED Network
 ip address 192.168.18.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
no ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 192.168.18.2
ip route 10.0.124.0 255.255.252.0 192.168.18.2
ip route 10.5.20.0 255.255.252.0 192.168.18.2
!
!
!
!
!
!
control-plane
!
!
privilege configure level 15 shell
banner exec ^C
.
^C
banner login ^C
This is a secure system. Unauthorized use of this system will
be prosecuted to the full extent of the law.  If you are not
authorized access to this system, log out now.
^C
banner motd ^CINE /
This is a secure system.  Unauthorized use to this system will be punished
to the full extent of the law.  If you are not authorized
for this system please log out now.
^C
!
line con 0
 exec-timeout 30 0
 password 7 SCRUBBED
line aux 0
 exec-timeout 30 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 3
 access-class 23 in
 exec-timeout 30 0
 password 7 SCRUBBED
 transport input ssh
line vty 4
 exec-timeout 0 0
 transport input ssh
line vty 5
 access-class 23 in
 transport input ssh
line vty 6 15
 transport input all
!
scheduler allocate 20000 1000
end


7 Replies

cadet alain
VIP Alumni

Hi,

Could you annotate your diagram with IP addresses and networks, then explain what you can and can't do?

But here in the config you are referencing ACL 1 in your dynamic NAT command and I don't see any ACL 1 configured.

Regards.

Alain.

Don't forget to rate helpful posts.
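The dangling-reference Alain spotted is easy to miss by eye in a long running-config, and the posted config has a second one of the same shape: `ip http access-class 23` and `access-class 23 in` on the vty lines name an ACL 23 that is not defined either. The consequences differ: a NAT statement whose ACL does not exist translates nothing (which is what the poster was seeing), while, as far as I know, an access-class that names a missing ACL is simply not enforced, so the vty/HTTPS restrictions are worth re-checking for the same reason. The following Python is an added example for this thread, not the poster's or Cisco's code: it scans a config for these references and reports any whose ACL has no `access-list N` or `ip access-list standard|extended N` definition. The sample config is a constructed excerpt of the one posted above.

```python
"""Lint an IOS running-config for ACL references that point at nothing.

Added example (not from the thread). Scans for `ip nat inside source list N`,
`access-class N in` and `ip http access-class N` and reports each whose
ACL N has no definition anywhere in the config.
"""
import re

# Constructed excerpt of the posted running-config, trimmed to the lines
# that matter for the check.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.16.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 ip address 192.168.18.1 255.255.255.0
 ip nat outside
!
ip http access-class 23
ip nat inside source list 1 interface GigabitEthernet0/2 overload
!
line vty 0 3
 access-class 23 in
 transport input ssh
line vty 6 15
 transport input all
"""

# Where an ACL can be referenced, and what IOS does when that ACL is absent
# (behaviour as stated in the lead-in; the NAT case is what the thread observed).
REFERENCES = [
    (re.compile(r"^\s*ip nat inside source list (\S+)\s"), "nat",
     "nothing is translated"),
    (re.compile(r"^\s*access-class (\S+) in\b"), "vty-access-class",
     "no restriction is applied"),
    (re.compile(r"^\s*ip http access-class (\S+)"), "http-access-class",
     "no restriction is applied"),
]
# Numbered ACL entries and named ACL headers both define an ACL.
DEFINITIONS = [
    re.compile(r"^\s*access-list (\d+)\s"),
    re.compile(r"^\s*ip access-list (?:standard|extended) (\S+)"),
]


def defined_acls(config):
    """Return the set of ACL numbers/names that have a definition."""
    found = set()
    for line in config.splitlines():
        for pattern in DEFINITIONS:
            m = pattern.match(line)
            if m:
                found.add(m.group(1))
    return found


def dangling_acl_references(config):
    """Return (line_no, kind, acl, consequence) for every reference to an undefined ACL."""
    defined = defined_acls(config)
    findings = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        for pattern, kind, consequence in REFERENCES:
            m = pattern.match(line)
            if m and m.group(1) not in defined:
                findings.append((line_no, kind, m.group(1), consequence))
    return findings


if __name__ == "__main__":
    for line_no, kind, acl, consequence in dangling_acl_references(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind} references ACL {acl}, which is undefined: {consequence}")
    # Adding the ACL from the accepted answer clears the NAT finding only;
    # the two ACL 23 references remain.
    fixed = SAMPLE_CONFIG + "access-list 1 permit 192.168.16.0 0.0.0.255\n"
    print("remaining after defining ACL 1:",
          [f[1] for f in dangling_acl_references(fixed)])
```

Run it against a saved `show running-config` (replace `SAMPLE_CONFIG` with the file contents) before and after a change; the NAT finding disappears once `access-list 1 permit 192.168.16.0 0.0.0.255` is present, while the ACL 23 findings stay until that list is defined or the access-class lines are removed.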

Alain,

Attached is a diagram with the IP addresses.  I had ACL 1 in there to begin with, which was to permit 192.168.16.10 (my test box) and 192.168.16.5 (switch), but eventually removed ACLs when I decided to go back to basics and try without ACLs to just get routing to work first, then build up ACLs.  I can always try removing ACL 1 from the adaptor but there's no rule for ACL 1 right now.

Hi,

Can you ping every device in your topology from the 2900 router?

If not, what do traceroutes to devices in each network tell?

Are you sure all devices have the correct gateway and subnet mask?

Have you checked the hardware firewalls?

Are firewalls on hosts disabled?

Regards.

Alain.

Don't forget to rate helpful posts.

I can ping the 192.168.16.x devices from the router, I can ping the 192.168.17.1, 192.168.18.x, and other 192.168.19.x devices from 192.168.19.10.  From the router I can ping/traceroute anything on the 10.0.124. and 10.5.20 network without a problem.  From one of the devices (be it the managed switch or the server on 192.168.16.10) I can't ping past the router.  Traceroute from 192.168.16.10 drops off at 192.168.16.1 (IP address of router).  Removing switch from the equation and plugging directly into the Cisco just in case, and the traceroute still drops at 192.168.16.1 (gateway of device).  Subnet of 192.168.16.1 is /24, server on .16 is set to /24, gateway on 192.168.16.10 is 192.168.16.1.  Firewalls on hosts disabled on internal subnet (192.168.16.x) until this is sorted out.

So in a nutshell, router can get out to 10.x and 10.5.x, router can ping everything on 192.168.16.x and ssh to said devices.  Anything attached to GigE0/0 cannot route past 192.168.16.1 (GigE0/0) but can ping anything on the router.

~Confused.

Hi,

Do an extended ping on the router:

ping x.x.x.x source 192.168.16.1

and if it doesn't work then try to NAT 192.168.16.0/24 on the router to g0/2:

access-list 1 permit 192.168.16.0 0.0.0.255

ip nat inside source list 1 interface g0/2

and if it works then you are missing a route to 192.168.16.0 from the Checkpoint firewall.

Regards.

Alain.

Don't forget to rate helpful posts.

Alain,

Bravo! It was the access-list on the g0/2.  Once I set up that ACL 1 it went through.  Thank you, whew, I can actually sleep tonight.  I tried access lists in the beginning, removed them, tried them, removed them... wonder what I screwed up.  Regardless, thank you for your help.

~Jayson

Hi,

Happy you solved it, but easiest would be to either put a route on the firewall or permit traffic from 192.168.16.0 (or return traffic to it) on the firewall; this way you won't have to NAT on your 2900 anymore.

Regards.

Alain.

Don't forget to rate helpful posts.
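The extended-ping test in the accepted answer and the closing remark about a firewall route are both about the return path: 192.168.16.10's echo reaches the 10.0.124.x host fine, but the reply is addressed to 192.168.16.10, which the Checkpoint only knows how to reach if it has a route for 192.168.16.0/24 back to 192.168.18.1. NAT on g0/2 hides the problem by making the reply go to 192.168.18.1, a directly connected address, which is also why pinging from the router itself always worked. The Python below is an added example for this thread, not the poster's or Cisco's code: it walks one ping round trip through the 2911 and the firewall under each of the three setups discussed. The router's routes are the ones in the posted config; the firewall's routing table and the 10.0.124.5 target are constructed.

```python
"""Trace a ping round trip from the 192.168.16.0/24 LAN through the 2911 and
the Checkpoint, with and without NAT on Gi0/2 and with and without a return
route on the firewall. Added example; firewall routes are constructed.
"""
from ipaddress import ip_address, ip_network

# Router routes from the posted config (longest prefix wins).
ROUTER_ROUTES = [
    ("192.168.16.0/24", "connected", "Gi0/0"),
    ("192.168.18.0/24", "connected", "Gi0/2"),
    ("10.0.124.0/22", "192.168.18.2", "Gi0/2"),
    ("10.5.20.0/22", "192.168.18.2", "Gi0/2"),
    ("0.0.0.0/0", "192.168.18.2", "Gi0/2"),
]
# Constructed: the firewall knows only its own two links...
FIREWALL_ROUTES_NO_RETURN = [
    ("192.168.18.0/24", "connected", "inside"),
    ("10.0.124.0/22", "connected", "outside"),
]
# ...and the route Alain suggests adding instead of NAT.
FIREWALL_ROUTES_WITH_RETURN = FIREWALL_ROUTES_NO_RETURN + [
    ("192.168.16.0/24", "192.168.18.1", "inside"),
]
NAT_INSIDE = ip_network("192.168.16.0/24")   # what ACL 1 permits
GI0_2_ADDRESS = "192.168.18.1"               # PAT overload address


def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, interface) or None."""
    best = None
    for prefix, next_hop, ifc in routes:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop, ifc)
    return None if best is None else best[1:]


def round_trip(src, dst, firewall_routes, nat_on_gi0_2):
    """Return the hop-by-hop trace; the last entry starts with 'delivered' or 'dropped'."""
    trace = []
    route = lookup(ROUTER_ROUTES, dst)
    if route is None:
        return trace + [f"dropped at router (no route to {dst})"]
    next_hop, ifc = route
    pkt_src, translated_from = src, None
    # Inside->outside through Gi0/2 with a matching ACL entry gets PAT'd.
    if nat_on_gi0_2 and ifc == "Gi0/2" and ip_address(src) in NAT_INSIDE:
        translated_from, pkt_src = src, GI0_2_ADDRESS
    trace.append(f"router: {pkt_src}->{dst} out {ifc} via {next_hop}")
    if lookup(firewall_routes, dst) is None:
        return trace + [f"dropped at firewall (no route to {dst})"]
    trace.append(f"firewall: forwards {pkt_src}->{dst}")
    # The target answers the source address it saw.
    reply_dst = pkt_src
    if lookup(firewall_routes, reply_dst) is None:
        return trace + [f"dropped at firewall (no route back to {reply_dst})"]
    trace.append(f"firewall: reply {dst}->{reply_dst} back to router")
    if translated_from and reply_dst == GI0_2_ADDRESS:
        reply_dst = translated_from
        trace.append(f"router: untranslates reply to {reply_dst}")
    _, ifc = lookup(ROUTER_ROUTES, reply_dst)
    return trace + [f"delivered to {reply_dst} via {ifc}"]


if __name__ == "__main__":
    scenarios = {
        "no NAT, no return route": (FIREWALL_ROUTES_NO_RETURN, False),
        "NAT on Gi0/2 (accepted answer)": (FIREWALL_ROUTES_NO_RETURN, True),
        "return route on firewall, no NAT": (FIREWALL_ROUTES_WITH_RETURN, False),
    }
    for name, (fw_routes, nat) in scenarios.items():
        print(f"== {name}")
        for hop in round_trip("192.168.16.10", "10.0.124.5", fw_routes, nat):
            print("  " + hop)
```

The first scenario reproduces the symptom in the thread (traceroute from 192.168.16.10 dies after 192.168.16.1, because nothing ever comes back); the other two both complete, which is why either fix works and why the route-based one is the cleaner choice when the firewall is allowed to learn the inside prefix.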