Sean,You should only need one ACL to implement this. Also with your second config I would try and add the match ip address 2* to the route-maps.You can lower the NAT translation timeout with these commandsip nat translation tcp-timeout 30ip nat trans...
Just put in another default route to 10.10.10.1 and it will have equal cost and load balance across each link. Both default routes will be installed in the routing table.
