[c-nsp] NAT-able?

Sean Granger sgranger at randfinancial.com
Tue Jun 23 15:13:32 EDT 2009


I have a customer passing traffic to me through a network we have no control over.
They don't allow private addressing, yet have only assigned a /29 for transit traffic.
Due to these addressing requirements, he is translating his internally private source addresses by overloading the address of the interface facing me.
His destinations are static deNATed by me, one to one (6 hosts).
 
The traffic is getting through the shared network and my NAT table is setting up the translation properly, short of one thing.
His destinations are on another network that I have no control over, so I need to overload the address of my interface facing it, for the return traffic to be routable.
 
So his destination A translates to my local address B, and the traffic is coming from his source X, which I need to retranslate to Y.
 
Looking at the NAT debug, it appears to set up correctly:
 6/23/2009 14:07 router.address Debug 3463: Jun 23 14:05:33.477 CDT: NAT*: s=y.y.y.y, d=a.a.a.a->b.b.b.b [3356]
 6/23/2009 14:07 router.address Debug 3462: Jun 23 14:05:33.477 CDT: NAT*: s=x.x.x.x->y.y.y.y, d=a.a.a.a [3356]
 6/23/2009 14:07 router.address Debug 3461: Jun 23 14:05:33.477 CDT: NAT*: o: icmp (x.x.x.x, 23609) -> (a.a.a.a, 23609) [3356]
 
'sho ip nat trans' confirms it:
Pro   Inside global     Inside local      Outside local     Outside global
icmp  a.a.a.a:23609     b.b.b.b:23609     y.y.y.y:23609     x.x.x.x:23609

 
Although I get a ping response from local address B from within the router (using the same address as Y, which is the neighbor interface address) ... I'm not sending a response back to my customer, even though the translation appears to be correct ... it's getting lost somewhere and I can't find the error.
 
Any thoughts?
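As an added illustration of the arrangement the post describes (an editor's reconstruction, not configuration from the post or its author), the IOS configuration below sets up the two translations visible in the 'sho ip nat trans' line: an inside static entry mapping the real host B to the customer-facing address A, and an outside static entry presenting the customer's source X to the B side as Y. Interface names, masks, the router's own interface addresses (a.a.a.1 and y.y.y.1) and the use of a static rather than a pool translation for X are assumptions; a.a.a.a, b.b.b.b, x.x.x.x and y.y.y.y are the post's placeholders. One deliberate difference from the post: Y here is a spare address in the subnet facing the B hosts, not the router's own interface address. The reason is the IOS NAT order of operations: outside-to-inside packets are translated before they are routed, but inside-to-outside packets are routed first and translated afterwards, so a reply from B addressed to an address the router itself owns is delivered locally rather than forwarded, and the Y to X rewrite never gets a chance to run.

```cisco
! Editor's reconstruction of the twice-NAT setup described in the post (not the
! author's config). Interface names, masks and the router's own addresses
! (a.a.a.1, y.y.y.1) are assumptions; A, B, X, Y are the post's placeholders.
!
! Gi0/0: shared transit /29 towards the customer. Packets arrive here with
!        source X (his overloaded interface address) and destination A.
interface GigabitEthernet0/0
 description transit to customer (shared network, assumed /29)
 ip address a.a.a.1 255.255.255.248
 ip nat outside
!
! Gi0/1: towards the network that holds the real destination hosts (B).
!        y.y.y.1 is the router's own address; Y (y.y.y.y) is a spare address in
!        the same subnet used only as the outside-local face of X.
interface GigabitEthernet0/1
 description towards the network holding the B hosts (mask assumed)
 ip address y.y.y.1 255.255.255.0
 ip nat inside
!
! Inside static: customer-facing A maps one-to-one to the real host B.
!   outside->inside: d=A -> B is rewritten, then the packet is routed to B.
!   inside->outside: s=B -> A is rewritten after routing.
! One such line per host; the post mentions six.
ip nat inside source static b.b.b.b a.a.a.a
!
! Outside static: the customer's source X is shown to the B side as Y, so the
! B side needs no route for X. "add-route" installs a host route for Y that
! points back out of the NAT outside interface, so a reply with d=Y is
! forwarded (and therefore translated Y -> X) instead of being dropped.
ip nat outside source static x.x.x.x y.y.y.y add-route
!
! Checks (exec mode):
!   show ip nat translations          expect: icmp A:port B:port Y:port X:port
!   show ip route y.y.y.y             expect: host route for Y via Gi0/0 (from add-route)
!   show ip alias                     expect: Y listed, so the router answers ARP for it
!   debug ip nat detailed             watch both rewrites on the reply from B
```

After applying this, send the customer's test ping again and watch 'debug ip nat detailed' for the reply: the forward direction should show d=A->B and s=X->Y as in the post, and the reply from B must show s=B->A together with d=Y->X. If the reply shows no translation lines at all, check with 'show ip route y.y.y.y' that Y resolves to a forwarding route rather than to one of the router's own addresses.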

