1) Any address of the Internet cannot communicate with the Internet address of R3680E, the out interface of Internet does nat switch.
2)Collect the configuring information, and detect the ACL is error: the rule defined by ACL has permit any.
Networking: interior network----firewall---3680e-------Internet
any address of the Internet cannot communicate with the Internet address of 3680e, the out interface of Internet enable nat switch.
Delete permit any rule in ACL and allow the special private network address switch only and eny other unwanted network segments, recite the rule, the problem is solved.
Use one interface address to do nat address, communicate with the after-switching interface address, at this time, nat interface can receive icmp echo, but icmp reply will generate one nat entry because of ACL definition, as nat switches, icmp mirros via identifier and port, then as icmp reply identifier differs from echo,the above nat interface address is uncommunicated.