Running 15.4(2)S on the ASR 901. Trying to do a simple NAT in my lab. The problem I'm having is that the host directly connected to the router doesn't NAT but if I source a ping from the inside interface it NAT's just fine. Both are on the same network and use the same ACL to match criteria. Routes to destination are there as the directly connected host is still able to ping it, just not getting translated.
ASR 901 relevant config:
!
interface GigabitEthernet0/4
no ip address
negotiation auto
service instance 41 ethernet
encapsulation dot1q 41
rewrite ingress tag pop 1 symmetric
bridge-domain 41
!
!
interface GigabitEthernet0/6
no ip address
negotiation auto
service instance 2 ethernet
encapsulation untagged
bridge-domain 2
!
(EFP is matching untagged because I'm sending pings from directly connected laptop without tagging)
!
interface Vlan41
ip address 1.1.1.2 255.255.255.252
ip nat outside
!
interface Vlan2
ip address 192.168.200.1 255.255.255.0
ip nat inside
access-list 50 permit 192.168.200.0 0.0.0.255
ip nat inside source list 50 interface Vlan41 overload
Source ping from the inside NAT interface translates fine. A host connected to the g0/6 interface pings 2.2.2.2 fine but doesn't translate, it's IP is 192.168.200.2/24
lab-asr-901#ping 2.2.2.2 source vlan 2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.200.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
lab-asr-901#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 1.1.1.2:1024 192.168.200.1:23 2.2.2.2:23 2.2.2.2:1024
Ideas?
