Luca
SNAT is great in the one-armed setup whereby the LTM isn't the default gateway to ensure return traffic goes via the LTM, and that's the need I have here at my org. If you disable SNAT you'll need to ensure that there is a route back from the ISA servers to the original clients that goes via the LTM, else out of state issues will occur, for example. As for internet traffic the isa will proxy the traffic anyway so that will be the source as far as the internet webservers are concerned.
You could add the x-forwarded-for profile to the VIP, whilst using SNAT, although that would require that the ISA server can read this field in the header. Not sure about ISA I'm afraid.
N