I am working with the client who insists on hiding their CP cluster behind ASAs.
External interface will be in RFC 1918 range.
I've used this setup before in the lab environments, but would like to hear from you if there are any gotchas and particulars that I should be aware of.
ASAs will supply Static Nat from one of the public IPs to the VIP of the cluster and, should the need arise, to any hosts located in DMZs.
I am a bit concerned with S2S and remote access VPNs and am trying to figure out what else may be impacted.