I am running a 2821 Router running 12.4(23) and I am having some odd experiences with nat.
Basically i want the clients on one subnet to be natted for everything except DNS traffic.
The natting works correctly if im just testing basic nat. however when I add an access list it is inconsistent. I added an access list which has basically a deny statements matching any udp/tcp traffic on port 53 and a permit statement for all IP.
When i clear the nat translations and do an NSLookup on a client on the subnet the first few queries are not natted.However they then randomly start to be natted, and the translations shows udp translations on port 53
Anyone have any ideas.