CISCO2921/K9访问外网问题

大神帮个忙，看看哪里问题：感谢感谢

出口设备---core---接入设备---客户端；现在出口设备需要做一个冷备，设备为CISCO2921/K9，配置后无法访问外网。情况如下：

1：客户端可以ping通出口设备的WAN口；反之，出口设备能ping通下面任意客户端；

2：出口设备开启debug ip nat， 发现客户端的数据有被nat转换；

3：出口设备直接ping电信网关，发现不通（问题应该在这里，不知道为什么不通，在模拟软件上测试结果是正常；）

出口设备配置如下：

NG_route#show run
Building configuration.

Current configuration : 4661 bytes
! Last configuration change at 07:56:17 UTC Fri Jul 28 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NG_route
!
boot-start-marker
boot-end-marker
!
!
interface GigabitEthernet0/1
 description WAN
 ip address 36.7.84.10 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description LAN
 ip address 192.192.192.2 255.255.255.252
 ip nat inside
 ip nat enable
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat pool isp 36.7.84.10 36.7.84.10 netmask 255.255.255.0
ip nat inside source list NG_ACL pool isp overload
ip nat inside source static tcp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static udp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static tcp 192.121.200.171 8000 36.7.84.16 8000 extendable
ip nat inside source static tcp 192.121.200.90 8089 36.7.84.16 8089 extendable
ip nat inside source static tcp 192.121.200.28 9100 36.7.84.16 9100 extendable
ip nat inside source static tcp 192.121.200.247 1433 36.7.84.16 9500 extendable
ip nat inside source static tcp 192.107.200.20 3389 36.7.84.20 3389 extendable
ip nat inside source static tcp 1.1.1.3 4444 36.7.84.20 4444 extendable
ip route 0.0.0.0 0.0.0.0 36.7.84.1
ip route 192.100.200.0 255.255.255.0 192.192.192.1
ip route 192.101.200.0 255.255.255.0 192.192.192.1
ip route 192.102.200.0 255.255.255.0 192.192.192.1
ip route 192.103.200.0 255.255.255.0 192.192.192.1
ip route 192.104.200.0 255.255.255.0 192.192.192.1
ip route 192.105.200.0 255.255.255.0 192.192.192.1
ip route 192.106.200.0 255.255.255.0 192.192.192.1
ip route 192.107.200.0 255.255.255.0 192.192.192.1
ip route 192.108.200.0 255.255.255.0 192.192.192.1
ip route 192.109.200.0 255.255.255.0 192.192.192.1
ip route 192.110.200.0 255.255.255.0 192.192.192.1
ip route 192.111.200.0 255.255.255.0 192.192.192.1
ip route 192.112.200.0 255.255.255.0 192.192.192.1
ip route 192.113.200.0 255.255.255.0 192.192.192.1
ip route 192.114.200.0 255.255.255.0 192.192.192.1
ip route 192.115.200.0 255.255.255.0 192.192.192.1
ip route 192.116.200.0 255.255.255.0 192.192.192.1
ip route 192.117.200.0 255.255.255.0 192.192.192.1
ip route 192.118.200.0 255.255.255.0 192.192.192.1
ip route 192.119.200.0 255.255.255.0 192.192.192.1
ip route 192.120.200.0 255.255.255.0 192.192.192.1
ip route 192.121.200.0 255.255.255.0 192.192.192.1
ip route 192.122.200.0 255.255.255.0 192.192.192.1
!
ip access-list extended NG_ACL
 permit ip 192.100.200.0 0.0.0.255 any
 permit ip 192.101.200.0 0.0.0.255 any
 permit ip 192.102.200.0 0.0.0.255 any
 permit ip 192.103.200.0 0.0.0.255 any
 permit ip 192.104.200.0 0.0.0.255 any
 permit ip 192.105.200.0 0.0.0.255 any
 permit ip 192.106.200.0 0.0.0.255 any
 permit ip 192.107.200.0 0.0.0.255 any
 permit ip 192.108.200.0 0.0.0.255 any
 permit ip 192.109.200.0 0.0.0.255 any
 permit ip 192.110.200.0 0.0.0.255 any
 permit ip 192.111.200.0 0.0.0.255 any
 permit ip 192.112.200.0 0.0.0.255 any
 permit ip 192.113.200.0 0.0.0.255 any
 permit ip 192.114.200.0 0.0.0.255 any
 permit ip 192.115.200.0 0.0.0.255 any
 permit ip 192.116.200.0 0.0.0.255 any
 permit ip 192.117.200.0 0.0.0.255 any
 permit ip 192.118.200.0 0.0.0.255 any
 permit ip 192.119.200.0 0.0.0.255 any
 permit ip 192.120.200.0 0.0.0.255 any
 permit ip 192.121.200.0 0.0.0.255 any
 permit ip 192.122.200.0 0.0.0.255 any
 permit ip 192.123.200.0 0.0.0.255 any
 permit ip 192.192.192.1 0.0.0.2 any
!
control-plane
!
end