
NAT - UDP not being translated?

johnelliot
Level 1

Got a strange situation with UDP not being translated with "ip nat enable".

Config:

interface FastEthernet0/0.22
 description NAT INT for VRF TEST
 encapsulation dot1Q 22
 ip vrf forwarding TEST10
 ip address 10.0.15.1 255.255.255.0
 ip nat enable
 no snmp trap link-status
!
ip nat pool NAT xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.248 add-route
ip nat source list 2 pool NAT vrf TEST10 overload
access-list 2 permit 10.0.5.0 0.0.0.255
access-list 2 permit 10.0.10.0 0.0.0.255
access-list 2 permit 10.0.16.0 0.0.0.255

Device with 10.0.16.2 can successfully ping/telnet to Internet addresses, but cannot perform UDP (TFTP/DNS etc.).

Example:

Successful ping from 10.0.16.2 -> DNS server (203.149.65.1) tcpdump:

10:31:55.000374 IP (tos 0x0, ttl 124, id 2309, offset 0, flags [none], length: 60) routable_nat_address > isp1.datafx.com.au: icmp 40: echo request seq 34049

10:31:55.000381 IP (tos 0x0, ttl 64, id 2423, offset 0, flags [none], length: 60) isp1.datafx.com.au > routable_nat_address: icmp 40: echo reply seq 34049

Then, unsuccessful tftp tcpdump:

11:25:10.877357 IP (tos 0x0, ttl 124, id 2592, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii

11:25:10.880978 IP (tos 0x0, ttl 64, id 21600, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19

11:25:11.871403 IP (tos 0x0, ttl 124, id 2593, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii

11:25:11.871716 IP (tos 0x0, ttl 64, id 21699, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19

As you can see, for some reason 10.0.16.2 is not being translated for the UDP request?

Any suggestions greatly appreciated.

1 Reply

smahbub
Level 6

You might be running into a bug here. Check this Bug ID: CSCsd14449
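The symptom in the original post can be checked for mechanically. The following is an added example, not code from either poster or from Cisco: it reads the post's access-list 2 and three of its tcpdump lines and reports every packet that still carries an inside address. It assumes the capture was taken on the outside (post-NAT) side, as the translated ping lines suggest; the function names are hypothetical.

```python
import ipaddress
import re

# ACL 2 from the post: inside sources that "ip nat source list 2" should translate.
ACL = """\
access-list 2 permit 10.0.5.0 0.0.0.255
access-list 2 permit 10.0.10.0 0.0.0.255
access-list 2 permit 10.0.16.0 0.0.0.255
"""

# Three capture lines copied from the post (one translated ping, one TFTP exchange).
CAPTURE = """\
10:31:55.000374 IP (tos 0x0, ttl 124, id 2309, offset 0, flags [none], length: 60) routable_nat_address > isp1.datafx.com.au: icmp 40: echo request seq 34049
11:25:10.877357 IP (tos 0x0, ttl 124, id 2592, offset 0, flags [none], length: 44) 10.0.16.2.4120 > 203.149.67.254.tftp: [udp sum ok] 16 RRQ "test" netascii
11:25:10.880978 IP (tos 0x0, ttl 64, id 21600, offset 0, flags [DF], length: 47) 203.149.67.254.32775 > 10.0.16.2.4120: [bad udp cksum 49db!] UDP, length: 19
"""

LINE = re.compile(r"^(\S+) IP \(.*?\) (\S+) > (\S+): ")
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\.\w+)?$")

def nat_sources(acl_text):
    """Turn 'permit <addr> <wildcard>' entries into networks (contiguous wildcards only)."""
    nets = []
    for line in acl_text.splitlines():
        m = re.match(r"access-list \d+ permit (\S+) (\S+)", line.strip())
        if m:
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return nets

def endpoint_ip(token):
    """Strip tcpdump's trailing .port/.service; return None for resolved hostnames."""
    m = ENDPOINT.match(token)
    return ipaddress.ip_address(m.group(1)) if m else None

def find_untranslated(capture_text, inside_nets):
    """Return (timestamp, 'src'|'dst', ip) for every inside address seen in the capture."""
    findings = []
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst = m.groups()
        for role, token in (("src", src), ("dst", dst)):
            ip = endpoint_ip(token)
            if ip is not None and any(ip in net for net in inside_nets):
                findings.append((ts, role, str(ip)))
    return findings

if __name__ == "__main__":
    for ts, role, ip in find_untranslated(CAPTURE, nat_sources(ACL)):
        print(f"{ts} untranslated inside address as {role}: {ip}")
```

Endpoints that tcpdump has already resolved to names are skipped, so capture with `-n` to have every packet evaluated.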