Alright, this is a weird one...

We have a Cisco 1811 which is running a number of different services.  Let me try and explain how everything is working first.

On routed port 0, we have a statically configured fiber connection which routes a public /28.  No BGP, etc just default routes.  The /28 is divided into a two /29's, once of which is routed to Vlan3.

On routed port 1, we have a PPPoE DSL connection, with a single static IP.

Vlan1 is a 192.168.1.x subnet

Vlan2 is a 192.168.2.x subnet

Vlan3 is a y.y.y.x/29 subnet(the routed subnet)

Vlan1 and Vlan2 PAT the static fiber IP(not the other /29) along with the DSL.

The other /29 is used for a few static NAT translations and SSLVPN

There is a zone based firewall in play, as well as a few route-maps to redirect traffic out certain interfaces on the inside.

I hope I haven't lost anyone yet.

The problem is, the fiber IP randomly stops responding to ping/ssh, however I can ping the interface IP assigned to Vlan3 from the WAN.  DSL never loses connection in this manner.

I can normally reestablish "normal" connectivity by connecting to the DSL and bringing down the fiber and routed vlan in a specific order.

Anyone have any thoughts?  If you need a picture to visualise I can visio up something real quick.

I may have figured it out...

Vlan15 was set as a "outside" interface according to NAT.  Changing it to a inside and adding a deny for the subnet seems to have fixed it all up.

Just wishful thinking...  It is still doing it.

