Nick
If you have set up dynamic NAT, e.g.
ip nat pool TEST 192.168.5.10 192.168.5.20 netmask 255.255.255.0
ip nat inside source list 101 pool TEST
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
then a connection cannot be initiated from the outside UNLESS there is already a translation for that address in the NAT translation table, i.e.
192.168.1.20 is an inside address. If 192.168.1.20 hasn't connected out through the router then you can't connect to it by using one of the pool addresses. But obviously if it has connected out there will be a NAT translation and therefore the NAT will work coming back as well.
Solutions -
1) Assuming no firewalling capabilities on the router, you could use the "established" keyword for TCP connections in an ACL applied to the outside interface in an inbound direction.
2) Reflexive ACLs - an improvement on 1)
3) Alternatively you could simply overload on the port numbers, i.e. instead of mapping one-to-one you map all your inside addresses to one single outside address. Still would allow connections to be initiated from outside but now you have to get the port details as well, which is a lot less likely.
Jon
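
The three options in the reply above, written out as IOS configuration. This is an added example, not part of Jon's post; the interface names, ACL numbers and names (110, OUT-TRACK, IN-RETURN, RETURN, SINGLE) and the /24 pool netmask are assumptions. The options are alternatives: only one inbound access-group can be active on the outside interface at a time.

```cisco
! Dynamic NAT from the post (pool netmask assumed to be /24)
ip nat pool TEST 192.168.5.10 192.168.5.20 netmask 255.255.255.0
ip nat inside source list 101 pool TEST
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
interface FastEthernet0/0
 ip nat inside
interface Serial0/0
 ip nat outside
!
! --- Option 1: "established" keyword --------------------------------
! Permits inbound TCP segments only when ACK or RST is set, so a bare
! SYN from outside is dropped. TCP only: UDP/ICMP replies are denied.
access-list 110 permit tcp any any established
access-list 110 deny   ip any any log
interface Serial0/0
 ip access-group 110 in
!
! --- Option 2: reflexive ACL ----------------------------------------
! Outbound sessions create temporary mirror entries in RETURN; inbound
! traffic is permitted only if it matches one. The outbound ACL on the
! outside interface is checked after NAT, so it sees pool addresses,
! which is why "any" is used as the source here.
ip access-list extended OUT-TRACK
 permit tcp  any any reflect RETURN
 permit udp  any any reflect RETURN
 permit icmp any any reflect RETURN
ip access-list extended IN-RETURN
 evaluate RETURN
 deny ip any any log
interface Serial0/0
 ip access-group OUT-TRACK out
 ip access-group IN-RETURN in
!
! --- Option 3: overload (PAT) ---------------------------------------
! Replaces the one-to-one pool mapping: every inside host shares one
! outside address and is distinguished by translated port number.
no ip nat inside source list 101 pool TEST
ip nat pool SINGLE 192.168.5.10 192.168.5.10 netmask 255.255.255.0
ip nat inside source list 101 pool SINGLE overload
```

`show ip nat translations` lists the active entries the reply refers to, and `show access-lists` shows the temporary RETURN entries while sessions are open.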