Got a strange situation with udp not being translated with "ip nat enable".
Config:
interface FastEthernet0/0.22
description NAT INT for VRF TEST
encapsulation dot1Q 22
ip vrf forwarding TEST10
ip address 10.0.15.1 255.255.255.0
ip nat enable
no snmp trap link-status
!
ip nat pool NAT xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.248 add-route
ip nat source list 2 pool NAT vrf TEST10 overload
access-list 2 permit 10.0.5.0 0.0.0.255
access-list 2 permit 10.0.10.0 0.0.0.255
access-list 2 permit 10.0.16.0 0.0.0.255
Device with 10.0.16.2 can successfully ping/telnet to Internet Addresses, but cannot perform udp (TFTP/DNS etc)
Example:
Successful ping from 10.0.16.2 -> DNS server (203.149.65.1) tcpdump:
10:31:55.000374 IP (tos 0x0, ttl 124, id 2309, offset 0, flags [none], length: 60) routable_nat_address > isp1.datafx.com.au: icmp 40: echo request seq 34049
10:31:55.000381 IP (tos 0x0, ttl 64, id 2423, offset 0, flags [none], length: 60) isp1.datafx.com.au > routable_nat_address: icmp 40: echo reply seq 34049
Then, unsuccessful tftp tcpdump:
11:25:10.877357 IP (tos 0x0, ttl 124, id 2592, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii
11:25:10.880978 IP (tos 0x0, ttl 64, id 21600, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19
11:25:11.871403 IP (tos 0x0, ttl 124, id 2593, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii
11:25:11.871716 IP (tos 0x0, ttl 64, id 21699, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19
As you can see - For some reason 10.0.16.2 is not being translated for the udp request?
Any suggestions greatly appreciated.