jcculliton

asked on

Cisco IOS NAT overload issue

I am having trouble with a basic PAT/overload configuration of my Cisco ISR router where I have a public static IP address and want to allow my internal private address hosts to access the internet.

Outside interface: GigabitEthernet0/0/1
Inside interface: GigabitEthernet0/1/1

I am able to ping outside (internet) hosts from my inside hosts. However, nothing else (TCP/UDP) seems to work: I'm not able to get replies to DNS lookups, and HTTP doesn't work.

I have run show ip nat translations and it seems to indicate that PAT is working correctly:

Router#show ip nat translations
Pro  Inside global         Inside local          Outside local         Outside global
tcp  XXX.XXX.XXX.110:1036  10.10.27.11:58148     YYY.YYY.YYY.183:80    YYY.YYY.YYY.183:80
udp  XXX.XXX.XXX.110:1033  10.10.27.11:61164     8.8.8.8:53            8.8.8.8:53
udp  XXX.XXX.XXX.110:1032  10.10.27.11:64615     8.8.4.4:53            8.8.4.4:53
udp  XXX.XXX.XXX.110:1028  10.10.27.11:64611     8.8.8.8:53            8.8.8.8:53
udp  XXX.XXX.XXX.110:1027  10.10.27.11:60143     8.8.4.4:53            8.8.4.4:53
udp  XXX.XXX.XXX.110:1030  10.10.27.11:64613     8.8.8.8:53            8.8.8.8:53
udp  XXX.XXX.XXX.110:1024  10.10.27.140:32780    8.8.4.4:53            8.8.4.4:53

I have verified that these outgoing packets are arriving at their destination by trying to access a web server that I control and confirming in the logs that an http request was received. However, the replies are not received by the inside hosts.

Below is my configuration. Any thoughts on what might be wrong?

version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot system bootflash:isr4300-universalk9.03.15.01.S.155-2.S1-std.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no aaa new-model
!
no ip domain lookup
!
subscriber templating
!
multilink bundle-name authenticated
!
voice-card 0/4
 no watchdog
!
license udi pid ISR4331/K9 sn XXXXXXX
spanning-tree extend system-id
!
username XXXXXXX privilege 15 secret 5 XXXXXXX
!
redundancy
 mode none
!
vlan internal allocation policy ascending
!
ip tftp source-interface GigabitEthernet0/1/1
ip ssh rsa keypair-name sshkey
ip ssh version 2
! 
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/1
 ip address XXX.XXX.XXX.110 255.255.255.252
 ip nat outside
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/1/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/1/1
 ip address 10.10.27.2 255.255.255.0
 ip nat inside
 negotiation auto
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
ip nat pool ovrld XXX.XXX.XXX.110 XXX.XXX.XXX.110 netmask 255.255.255.252
ip nat inside source list 7 pool ovrld overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.109
!
access-list 7 permit 10.10.27.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
end


ASKER CERTIFIED SOLUTION
Jody Lemoine
Sorry... that should be GigabitEthernet0/0/1 and not GigabitEthernet0/1.
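The accepted answer itself is not visible on this page; the reply above only shows that it named the outside interface, GigabitEthernet0/0/1. As an added example (not the answer's text and not the asker's configuration), here is the form of the overload statement that uses the outside interface's address directly instead of a one-address pool holding that same IP, which is Cisco's usual recommendation for this setup, followed by the commands used to verify the result. That this is what the hidden answer contained is an assumption; the interface names, access-list number and the placeholder address XXX.XXX.XXX.110 are taken from the question.

```cisco
! Statements from the question: a one-address pool whose only address is the
! outside interface's own IP, referenced by the overload rule.
!   ip nat pool ovrld XXX.XXX.XXX.110 XXX.XXX.XXX.110 netmask 255.255.255.252
!   ip nat inside source list 7 pool ovrld overload

! Assumed fix: drop the pool-based rule and overload on the outside interface.
! Translations built under the old rule are cleared before the pool is removed,
! since IOS will not delete a pool that still has entries in use.
configure terminal
 no ip nat inside source list 7 pool ovrld overload
 do clear ip nat translation *
 no ip nat pool ovrld XXX.XXX.XXX.110 XXX.XXX.XXX.110 netmask 255.255.255.252
 ip nat inside source list 7 interface GigabitEthernet0/0/1 overload
end

! Verification: interfaces marked inside/outside, hit counters on the dynamic
! mapping for access-list 7, and the live translation table.
show ip nat statistics
show ip nat translations
show access-lists 7
```

After applying this, test from an inside host (for example 10.10.27.11 in the question) with a DNS lookup and an HTTP request rather than only a ping, because ICMP was already passing in the original report. In `show ip nat statistics` the dynamic mapping's hit counter should climb with each new flow, and `show ip nat translations` should show the udp 53 and tcp 80 entries as before; the difference to look for is that the inside host now receives the replies. Access-list 7 continues to limit translation to 10.10.27.0/24, so no other source range is exposed through the public address.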
jcculliton

ASKER

That worked! I thought I had tried that before, but must have made some other error in my configuration. Thanks for your help!