I'm trying to migrate web servers from DSL (routed) to Cable (bridged). I configured NAT on an identical Cisco router in the same manner as the one connecting us to DSL for the past ten years. Ethernet comes out of the cable modem and goes into the new Cisco; Ethernet comes out the Cisco's other interface and goes into the switch connecting the Local Area Network (192.168.xx.0).

It seemed NAT wasn't working with Astound (cable company). Then I noticed that an address formerly assigned to the cable-side interface could be NATted. Perhaps, I thought, the addresses need to be "woken up"? One-by-one, I confirmed that each of the remaining six addresses did not work with NAT until after the address had been assigned to the cable-side interface, pinged, and removed from the interface. Inexcplicable, but whatever - they now worked.

Unfortunately, the NATted addresses eventually fall asleep again. Outbound traceroute reaches my Cisco and then times out (although the Cisco itself can traceroute fine). I get no reply to inbound pings. This doesn't happen on the DSL ISP so I asked Astound why. They say it's my problem.

Here's my config:
no ip source-route
ip nat pool local-addrs aa.bb.cc.44 aa.bb.cc.44 netmask 255.255.255.128
ip nat inside source list 1 pool local-addrs overload
ip nat inside source static 192.168.xx.198 aa.bb.cc.38
ip nat inside source static 192.168.xx.199 aa.bb.cc.39
ip nat inside source static 192.168.xx.200 aa.bb.cc.40
ip nat inside source static 192.168.xx.201 aa.bb.cc.41
ip nat inside source static 192.168.xx.102 aa.bb.cc.42
ip nat inside source static 192.168.xx.103 aa.bb.cc.43
no ip finger

! [Snip DNS, Timezone info]

interface Ethernet0
description LAN
ip address 192.168.xx.253 255.255.255.0
ip broadcast-address 192.168.xx.255
no ip directed-broadcast
no ip proxy-arp
ip nat inside
no ip mroute-cache

interface Ethernet1
description Internet (Astound)
ip address aa.bb.cc.45 255.255.255.128
ip access-group 199 in
no ip directed-broadcast
no ip proxy-arp
ip nat outside
no ip mroute-cache

router rip
network aa.0.0.0

ip classless
ip route 0.0.0.0 0.0.0.0 aa.bb.cc.1

access-list 1 deny 192.168.xx.199
access-list 1 deny 192.168.xx.198
access-list 1 deny 192.168.xx.200
access-list 1 deny 192.168.xx.201
access-list 1 deny 192.168.xx.102
access-list 1 deny 192.168.xx.103
access-list 1 permit 192.168.xx.0 0.0.0.255

! [Snip access-list 199 - deny standard hacks]
end

Is there something I can do to keep addresses aa.bb.cc.38 to aa.bb.cc.44 from "falling asleep"? Otherwise, I have to get a different ISP.

Thanks for reading!