2090 Views, 0 Helpful, 37 Replies

NATTING

virendra pathak
Level 1

Dear Expert,

I have created a LAB in EVE-NG and the design is attached herewith.

I have done all configuration using an MPLS WAN solution on the design.

The private NW is done successfully, and now I want to allow all DC servers, HQ users and branch users to access the INTERNET. Without routing, because a private NW cannot be advertised on the INTERNET world, NATting is the option that remains. So my query is how I should allow all users to access the INTERNET using NATting as the solution.

Could you please view the design and suggest accordingly.

HQ users LAN range is 10.22.2.0/24 and 10.22.4.0/24: CAN ACCESS internet

DC subnet range is 172.16.111.0/24 and 172.16.112.0/24: CAN ACCESS internet

BR users range: 10.22.22.0/24 and 10.22.23.0/24: CAN ACCESS internet

A prompt response would be highly appreciated.

Thanks a lot

Regards

Virendra P


Now BR has a default route toward DC.
DC must have a default route toward R35 and R36.
Now for NATing:
Do R35/36 have a route toward the BR subnets?
If not, then you need NATing in DC and NATing in R35/R36 (overload to internet).
If yes, then you need NATing in R35/36 (overload to internet).
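The "NATing in R35/36 (overload to internet)" case written out as an IOS configuration. This is an added example, not configuration posted in the thread. It reuses what the thread shows about the edge router (inside sub-interface Ethernet0/0.10, private network reachable via 102.1.1.4, two ISP-facing interfaces Ethernet0/1 and Ethernet0/2) and assumes the same layout on R36 with its own outside addresses; the ACL name NAT-INSIDE and the route-map names NAT-ISP1/NAT-ISP2 are assumptions.

```cisco
! Added example, not configuration from the thread.
! Internet edge router (R35 / CUSINTRTR1 in the thread); R36 gets the same with its
! own outside addresses. Assumed names: ACL NAT-INSIDE, route-maps NAT-ISP1/NAT-ISP2.
! Interfaces and next hops are taken from the thread: Ethernet0/0.10 faces the
! private network via 102.1.1.4, Ethernet0/1 and Ethernet0/2 face the two ISPs.
!
! 1. Routes toward the private subnets (the "if yes" case above), so the edge router
!    can forward return traffic back into the MPLS side after un-translating it.
ip route 10.22.0.0 255.255.0.0 102.1.1.4
ip route 172.16.0.0 255.255.0.0 102.1.1.4
!
! 2. Only the six subnets listed in the question may be translated. Anything else
!    (management loopbacks, WAN links, the rest of the RFC 1918 space) hits the
!    implicit deny and is never sent to the internet with a public source address.
ip access-list extended NAT-INSIDE
 permit ip 10.22.2.0 0.0.0.255 any
 permit ip 10.22.4.0 0.0.0.255 any
 permit ip 10.22.22.0 0.0.0.255 any
 permit ip 10.22.23.0 0.0.0.255 any
 permit ip 172.16.111.0 0.0.0.255 any
 permit ip 172.16.112.0 0.0.0.255 any
!
! 3. PAT (overload) to the address of whichever ISP-facing interface the packet leaves.
!    Matching on the egress interface keeps the inside-global address consistent with
!    the link the ISP sees the packet on, so each ISP only ever sees its own /30.
route-map NAT-ISP1 permit 10
 match ip address NAT-INSIDE
 match interface Ethernet0/1
route-map NAT-ISP2 permit 10
 match ip address NAT-INSIDE
 match interface Ethernet0/2
ip nat inside source route-map NAT-ISP1 interface Ethernet0/1 overload
ip nat inside source route-map NAT-ISP2 interface Ethernet0/2 overload
!
interface Ethernet0/0.10
 ip nat inside
interface Ethernet0/1
 ip nat outside
interface Ethernet0/2
 ip nat outside
!
! Verification after a host in 10.22.22.0/24 opens a connection:
!   show ip nat translations      (inside global should be 36.1.1.1:<port> or 36.1.1.5:<port>)
!   show ip nat statistics        (hit/miss counters and which rule matched)
```

Translating to the outside interface address rather than to a separate pool means the ISP needs no extra route: return traffic is addressed to the /30 the ISP already has on its own link. If a dedicated pool is used instead, the ISP must route that pool prefix to the edge router, and the pool must not overlap the addresses configured on the router's own interfaces or on its HSRP group, otherwise translations are built with addresses the router uses for itself.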

Dear MHM,

Let me do this and get back to you. 

regards

Virendra P

You are welcome 

As you suggested, I have done static routing on routers 35 and 36 toward the CUS private NW.

ip route 10.22.0.0 255.255.0.0 102.1.1.4
ip route 112.112.112.112 255.255.255.255 102.1.1.3
ip route 172.16.0.0 255.255.0.0 102.1.1.4

(The 112.112.112.112/32 route is used for the iBGP session.)

CUSINTRTR1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Et0/0.10 10 150 P Active local 102.1.1.3 102.1.1.1
CUSINTRTR1#


CUSINTRTR1#sh running-config | sec route
router bgp 1000
bgp router-id 111.111.111.111
bgp log-neighbor-changes
neighbor 36.1.1.2 remote-as 500
neighbor 36.1.1.2 ebgp-multihop 2
neighbor 36.1.1.6 remote-as 600
neighbor 36.1.1.6 ebgp-multihop 2
neighbor 112.112.112.112 remote-as 1000
neighbor 112.112.112.112 update-source Loopback0
neighbor 112.112.112.112 next-hop-self

I did not advertise the public pool 102.1.1.0 here.

Please find the NAT configuration:

ip access-list extended natpool
permit ip 172.16.0.0 0.0.255.255 any
permit ip 10.22.0.0 0.0.255.255 any
ip nat pool natpool 102.1.1.0 102.1.1.254 netmask 255.255.255.0
ip nat inside source list natpool pool natpool

CUSINTRTR1#sh running-config int e0/1
Building configuration...

Current configuration : 121 bytes
!
interface Ethernet0/1
ip address 36.1.1.1 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
end

CUSINTRTR1#sh running-config int e0/2
Building configuration...

Current configuration : 121 bytes
!
interface Ethernet0/2
ip address 36.1.1.5 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
end

CUSINTRTR1#sh running-config int e0/0.10
Building configuration...

Current configuration : 203 bytes
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 102.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
standby 10 ip 102.1.1.1
standby 10 priority 150
standby 10 preempt
end

CUSINTRTR1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 102.1.1.1 172.16.111.11 --- ---
CUSINTRTR1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 102.1.1.1:54006 172.16.111.11:54006 200.1.1.1:23 200.1.1.1:23
--- 102.1.1.1 172.16.111.11 --- ---
CUSINTRTR1#

Is this correct?

If 172.16.0.0/16 and 10.22.0.0/16 are the BR subnets, then your config is correct, and as I see it the TCP entry in the NAT table is correct.

Yes, and see the response from R3, which is assumed to be the server:

DCSERVER3#telnet 200.1.1.1 23
Trying 200.1.1.1 ...
% Connection timed out; remote host not responding

CUSINTRTR1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 102.1.1.2:14165 172.16.111.11:14165 200.1.1.1:23 200.1.1.1:23
--- 102.1.1.2 172.16.111.11 --- ---
CUSINTRTR1#

Remote host telnet configuration:

ISPAS2000#sh running-config | sec vty
line vty 0 4
password cisco
login local
transport input telnet ssh
ISPAS2000#

But from the branch I am not able to reach the internet router when I do telnet. See the response:

BR1user31#telnet 200.1.1.1 23
Trying 200.1.1.1 ...
% Destination unreachable; gateway or host down

BR1user31#

Do:

traceroute 200.1.1.1 source 172.16.0.x

Let's see where the traffic stops.

Please find the traceroute:

BR1user31#traceroute 200.1.1.1 numeric
Type escape sequence to abort.
Tracing the route to 200.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.22.22.1 1 msec 0 msec 1 msec
2 172.16.1.2 8 msec 9 msec 9 msec
3 172.16.1.14 9 msec 9 msec 9 msec
4 172.16.1.17 9 msec 9 msec 9 msec
5 172.16.1.22 9 msec 9 msec 9 msec
6 172.16.1.22 !H * !H
BR1user31#

172.16.1.22 is configured on DC RTR15, and the WAN interface is e0/2.

DCCE1#sh running-config int e0/2
Building configuration...

Current configuration : 82 bytes
!
interface Ethernet0/2
ip address 172.16.1.22 255.255.255.252
duplex auto
end

DCCE1#

Layer 3 switches configuration:

DCSW22#
DCSW22#sh running-config | sec route
ip route 0.0.0.0 0.0.0.0 102.1.1.2
ip route 10.22.0.0 255.255.0.0 172.16.110.1
ip route 172.16.0.0 255.255.0.0 172.16.110.1
DCSW22#

DCSW23#wr
*Nov 14 11:16:34.908: %SYS-5-CONFIG_I: Configured from console by console
DCSW23#sh running-config | sec route
ip route 0.0.0.0 0.0.0.0 102.1.1.1
ip route 10.22.0.0 255.255.0.0 172.16.110.1
ip route 172.16.0.0 255.255.0.0 172.16.110.1
DCSW23#

Can you point out in the topology where this IP is?

MHM

It is marked in blue in the attached topology.

DCCE1#sh running-config int e0/2
Building configuration...

Current configuration : 82 bytes
!
interface Ethernet0/2
ip address 172.16.1.22 255.255.255.252
duplex auto
end

[attached topology screenshot]

Shut the connection of this router to the ISP and do the traceroute again.

As expected, the traffic diverted to the backup router, which is DCCE2.

[attached screenshot]

And the traceroute from the same user PC:

BR1user31#traceroute 200.1.1.1 numeric
Type escape sequence to abort.
Tracing the route to 200.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.22.22.1 1007 msec 1 msec 0 msec
2 172.16.1.2 8 msec 9 msec 9 msec
3 172.16.1.14 9 msec 9 msec 10 msec
4 172.16.1.17 9 msec 9 msec 9 msec
5 172.16.1.30 18 msec 17 msec 18 msec
6 172.16.1.30 !H * !H

Inside the DC, which protocol do you use?
Can I see

show ip route on R16

Dear MHM,

Please find the configuration:

DCCE1#sh running-config | sec route
router ospf 135
router-id 110.1.1.3
redistribute static subnets
network 172.16.1.20 0.0.0.3 area 1
network 172.16.1.24 0.0.0.3 area 1
network 172.16.110.0 0.0.0.255 area 1
default-information originate always
ip route 172.16.111.0 255.255.255.0 172.16.110.4
ip route 172.16.112.0 255.255.255.0 172.16.110.4
DCCE1#

(These two static routes point toward the layer 3 switch.)

default-information originate always <<- so there is no default route in this router (R15/R16).
Remove "always" and configure a default route toward the SW (which connects to the internet router).
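The last suggestion written out for DCCE1, as an added example that is not configuration from the thread. It assumes the default should point at the layer 3 switch via 172.16.110.4 (the next hop the DC static routes above already use); the same change applies to DCCE2 with its own next hop.

```cisco
! Added example, not configuration from the thread. DCCE1 (R15); repeat on DCCE2.
! Assumption: 172.16.110.4 (the layer 3 switch next hop used by the static routes
! above) is the path toward the CUS internet routers.
!
! Before: "always" makes DCCE1 advertise 0.0.0.0/0 into OSPF area 1 even though
! its own routing table has no default. Branch traffic follows that advertisement
! to 172.16.1.22 and is dropped there with ICMP host unreachable, the "!H" in the
! traceroutes above.
!
! After: install a real default and only originate it into OSPF while it exists.
ip route 0.0.0.0 0.0.0.0 172.16.110.4
!
router ospf 135
 no default-information originate always
 default-information originate
!
! Verify on DCCE1:
!   show ip route 0.0.0.0                  (S* via 172.16.110.4 must be present)
! and on the branch router:
!   show ip route 0.0.0.0                  (should now arrive as O*E2 from DCCE1)
!   traceroute 200.1.1.1 numeric           (no more "!H" at 172.16.1.22)
```

Without `always`, the OSPF default is withdrawn as soon as DCCE1 loses its own default route, so the branches fail over to DCCE2 by routing instead of sending traffic into a black hole. One more thing to check on the switch side: the defaults shown earlier point at 102.1.1.2 on DCSW22 and at 102.1.1.1 on DCSW23; pointing both at the HSRP virtual address 102.1.1.1 keeps the switches' default usable when CUSINTRTR1 fails over to its standby.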
