Appreciate your input. I will have to reconfigure NTP to use the source address of the virtual interface that is configured with OSPF routing then. That seems to be the solution in my case, as I do not want the 10.0.0.x subnet to have internet access. It is still strange to me why the ICX would default to using the lowest subnet configured for its own traffic, i.e. NTP, and not use the directly connected IP 192.168.29.1 as source....

If you REALLY don't want this address having internet access, then learn to specify the ICX source address in commands requiring internet access so it doesn't default to using 10.0.0.1, and choose an ICX source address that does have a return route. Example: "ping 220.127.116.11 source 192.168.0.11" - like magic, your ICX will have internet access. Same with other protocols on the switch; for instance, NTP can be told which source address to use with "source-interface ve 10".
This is not a NAT issue, it's a routing issue: your edge router does not have return routes for a handful of your ICX addresses. The addresses that do have return routes do have internet access; the addresses that do not have return routes do not have internet access. I'm not sure how else to make this any clearer besides painting pictures.