Hello,
I have a 6509E with Sup 720 and I am doing OSPF routing and route maps for my private IPs to be sent to a Juniper firewall to be NATed. The design is like this:
172.16.4.x
      \
 GIG1/3\
        6509 -----------------INTERNET
 GIG1/6/    \ 10.10.20.X
      /      \ ISG200
172.16.1.x
---------------------------------------------------
172.16.4.x can access the internet
172.16.1.x cannot access the internet, too many dropped packets
The ISG 2000, which is doing the NATing, can access the internet via another port with a public IP address
Show commands:
COREN#show runn inter gig 1/3
interface GigabitEthernet1/3
ip address 197.215.x.x 255.255.255.248 secondary
ip address 172.16.4.1 255.255.255.0
no ip redirects
ip flow ingress
ip policy route-map P-F
ip ospf priority 255
end
---------------------------------------------------
COREN#show runn inter gig 1/6
interface GigabitEthernet1/6
ip address 197.215.x.x 255.255.255.224 secondary
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip flow ingress
ip policy route-map P-F
end
-----------------------------------------------------------
COREN#show ip route
C 197.215.128.0/29 is directly connected, GigabitEthernet1/1
C 172.16.4.0 is directly connected, GigabitEthernet1/3
C 172.16.1.0 is directly connected, GigabitEthernet1/6
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.20.0 is directly connected, GigabitEthernet1/2
S* 0.0.0.0/0 [1/0] via 197.215.128.1
------------------------------------------------------------
ip access-list extended P-I
deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
deny ip 172.16.0.0 0.0.255.255 197.215.128.0 0.0.0.255
deny ip 197.215.128.0 0.0.0.255 197.215.128.0 0.0.0.255
permit ip 172.16.0.0 0.0.255.255 any
deny ip 197.215.128.0 0.0.0.255 any
deny ip any any
-------------------------------------------------------------
route-map P-F permit 0
match ip address P-I
set ip next-hop 10.10.20.1
-------------------------------------------------------------
router ospf 1
log-adjacency-changes
network 10.10.20.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0
network 197.215.0.0 0.0.255.255 area 0
-------------------------------------------------------------
So my problem is: when I am in the 172.16.4.x network I have internet access, but when I am in 172.16.1.x I have no internet. As you can see from the show commands, they have the same config, so I did a debug for the 172.16.1.x traffic and I got this:
*Mar 6 05:09:18.518: pak 50090A8C consumed in input feature , packet consumed, MCI Check(55), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Mar 6 05:09:18.762: pak 50050078 consumed in input feature , packet consumed, MCI Check(55), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Mar 6 05:09:18.762: pak 462A0938 consumed in input feature , packet consumed, MCI Check(55), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
The IOS image: Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI4a, RELEASE SOFTWARE (fc2)
So what could be the problem?
Can someone help?
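Added example, not part of the original post: a first-match evaluation of ACL P-I as posted, to check which flows route-map P-F would policy-route to 10.10.20.1 and which fall back to the routing table. The function names and the sample addresses are constructed for illustration; it models only the ACL and route-map logic, not the switch's forwarding path.

```python
import ipaddress

# ACL P-I as posted: (action, src, src_wildcard, dst, dst_wildcard); None means "any".
ACL_P_I = [
    ("deny",   "172.16.0.0",    "0.0.255.255", "172.16.0.0",    "0.0.255.255"),
    ("deny",   "172.16.0.0",    "0.0.255.255", "197.215.128.0", "0.0.0.255"),
    ("deny",   "197.215.128.0", "0.0.0.255",   "197.215.128.0", "0.0.0.255"),
    ("permit", "172.16.0.0",    "0.0.255.255", None,            None),
    ("deny",   "197.215.128.0", "0.0.0.255",   None,            None),
    ("deny",   None,            None,          None,            None),
]
NEXT_HOP = "10.10.20.1"  # "set ip next-hop" in route-map P-F


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    if base is None:
        return True
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def acl_lookup(src, dst, acl=ACL_P_I):
    """Return (entry number, action) of the first entry that matches."""
    for n, (action, s, sw, d, dw) in enumerate(acl, start=1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return n, action
    return len(acl) + 1, "deny"  # implicit deny at the end of every ACL


def forwarding_decision(src, dst):
    """Only ACL-permitted packets are policy-routed; the rest use the routing table."""
    _, action = acl_lookup(src, dst)
    return f"policy-route via {NEXT_HOP}" if action == "permit" else "routing table"


# Constructed sample flows (203.0.113.10 stands in for an internet host).
SAMPLES = [("172.16.4.10", "203.0.113.10"), ("172.16.1.10", "203.0.113.10"),
           ("172.16.1.10", "172.16.4.10"), ("172.16.1.10", "197.215.128.1")]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, acl_lookup(src, dst), forwarding_decision(src, dst))
```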