The task does not explicitly allow PBR. Using "ip nat enable" could be a solution...
In my SG allows, but does not actually allow to add additional ip address to R2's Fa0/0 interface
I've tested this using local policy on SW1 sourcing from a loopback within 172.16/16 range.
*Mar 1 01:04:23.677: NAT: s=172.16.7.7->22.214.171.124, d=126.96.36.199
*Mar 1 01:04:23.741: NAT*: s=188.8.131.52, d=184.108.40.206->172.16.7.7
*Mar 1 01:04:23.745: NAT: s=172.16.7.7->220.127.116.11, d=18.104.22.168
*Mar 1 01:04:23.809: NAT*: s=22.214.171.124, d=126.96.36.199->172.16.7.7
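A check for the return-path question that comes up in this thread, as an added example that is not part of any poster's message: it parses `debug ip nat` lines in the format shown above (also when they are pasted as one run-on line) and reports flows whose outbound translations saw no reply translation. The public addresses in the sample are constructed documentation-range placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of IOS `debug ip nat`; only 172.16.7.7 is
# taken from the thread, the public addresses are documentation-range values.
SAMPLE = """\
*Mar 1 01:04:23.677: NAT: s=172.16.7.7->192.0.2.2, d=198.51.100.3
*Mar 1 01:04:23.741: NAT*: s=198.51.100.3, d=192.0.2.2->172.16.7.7
*Mar 1 01:04:23.745: NAT: s=172.16.7.7->192.0.2.2, d=198.51.100.3
*Mar 1 01:04:25.745: NAT: s=172.16.7.7->192.0.2.2, d=198.51.100.3
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# "NAT*" marks a packet translated in the fast-switched path.
LINE = re.compile(
    rf"NAT(?P<fast>\*?): s=(?P<s>{IP})(?:->(?P<s2>{IP}))?, "
    rf"d=(?P<d>{IP})(?:->(?P<d2>{IP}))?"
)

def parse(text):
    """Yield one dict per translation line found anywhere in text."""
    for m in LINE.finditer(text):
        g = m.groupdict()
        if g["s2"]:    # source rewritten: inside local -> inside global
            yield {"dir": "out", "local": g["s"], "global": g["s2"],
                   "peer": g["d"], "fast": bool(g["fast"])}
        elif g["d2"]:  # destination rewritten: reply returning to the host
            yield {"dir": "in", "local": g["d2"], "global": g["d"],
                   "peer": g["s"], "fast": bool(g["fast"])}

def unanswered(text):
    """Return {(local, global, peer): count} for outbound packets with no reply."""
    pending = Counter()
    for r in parse(text):
        key = (r["local"], r["global"], r["peer"])
        pending[key] += 1 if r["dir"] == "out" else -1
    return {k: n for k, n in pending.items() if n > 0}

if __name__ == "__main__":
    for flow, n in unanswered(SAMPLE).items():
        print(f"{n} outbound translation(s) without a reply: {flow}")
```

A non-empty result means the router translated and forwarded packets but saw nothing come back, which points at routing toward the global address rather than at the NAT rule itself.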
Is the secondary address needed on R2? It would be if the hosts share the same vlan used as transit between R2 and SW1 ...what the..?!
In the SG we are pinging R3. How is R3 supposed to find its way back to SW1? It has no route for 167.x.27.0/24. It would have if we did not change the IP address. I do see incoming ICMP packets on R3 though so I know the NAT is working.
I missed that the IP should be added as secondary...
It took me some time to understand how this actually works; for those interested I put a packet walkthrough at http://mostlynetworking.wordpress.com/2012/01/20/nat-on-a-stick-3/
Also note that the way the task is worded suggests you should overload F0/0 ("Your design team has allocated this customer the IP address 188.8.131.52/24"), not use a global pool.
I interpreted the wording the same. However, it is possible. This worked for me:
ip access-list standard NAT_RULE
 permit 172.16.0.0 0.0.0.255
ip access-list extended PROUTE_RULES
 deny ip 172.16.0.0 0.0.0.255 host 184.108.40.206
 permit ip 172.16.0.0 0.0.0.255 any
 permit ip any host 220.127.116.11
ip nat inside
ip address 172.16.0.2 255.255.255.0 secondary
ip nat outside
ip policy route-map PROUTE_NAT
match ip address PROUTE_RULES
set ip next-hop 18.104.22.168
ip nat inside source list NAT_RULE int f0/0 overload
NAT on stick not working
I am not sure why it's not working. I am not able to ping from SW1 as given in the SG verification. I had followed what is in the SG verification (configured local policy).
Sw1# ping 22.214.171.124 source 172.16.0.8
Ping fails. Even when pinging SW2 with source 172.16.0.8 the ping fails, but a normal ping without a source works fine.
interface Loopback0
 ip address 126.96.36.199 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip ospf network point-to-point
!
interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.0 secondary
 ip address 188.8.131.52 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 ip policy route-map routemap
 speed 100
 full-duplex
!
ip nat pool natpool 184.108.40.206 220.127.116.11 prefix-length 24
!
route-map routemap permit 10
 match ip address insidelocal
 set interface Loopback0
!
ip nat inside source list insidelocal pool natpool
!
ip access-list standard insidelocal
 permit 172.16.0.0 0.0.0.255
Please can someone help on this ...