SNAT as in "Source NAT". I'm trying to setup dual firewalls and want to use both concurrently while I transition my inbound NAT rules to the ASA. However, the default route on the core switch prohibits me from doing this since it only knows about the old firewall. A couple of possible workarounds are SNAT or Policy Based Routing on the core switch. Can the ASA perform SNAT like F5? i.e, Can it use its internal address as the "source" for anything destined to an internal web server? That way the web server would attempt to return the packet back to the ASA instead of using the default route, which is the old firewall. I've attached a simplified diagram of what I'm trying to accomplish. Thanks!