I would say that design is pretty ugly, unfortunately. From what I've seen, Windows boxes don't usually handle multiple default gateways well and there's no way to avoid the asymmetric routing.
I would recommend one of two things:
1) Keep the servers isolated in a VLAN behind LTM, and set up a wildcard virtual server on the LTM (0.0.0.0:0) and set it to IP forwarding, all protocols. Then have your core routers route to that isolated VLAN through the front end of the LTM (floating address). Then all sysadmin/monitoring/backup traffic will simply route through the LTM to the servers. Likewise the servers will be able to initiate outbound connections and be routed out, so you can get rid of the NAT. The only concern here is the level of that routed admin/etc traffic (especially backups). Depending on the LTM platform you have and how many servers we're talking about, it usually isn't a big problem unless you have a large number.
2) Use SNAT and use X-Forwarded-For headers in the http profile to insert the real client IP in the http request. We have an ISAPI filter for IIS here on DevCentral (Click here - link to Joe's blog... I can't find it in the CodeShare anymore) which replaces the client IP recorded in IIS logs with the X-Forwarded-For IP. If you aren't using IIS, there's probably some other mechanism to use to log the XFF header.
Hope that helps!
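The "some other mechanism to log the XFF header" from option 2 is the part that needs care on the server side: once the LTM is doing SNAT, the web server's TCP peer is always the SNAT address, and the only place the real client address survives is the X-Forwarded-For header, which any client can also set itself. The following is an added example, not the poster's code and not the DevCentral ISAPI filter; it shows the logic a log-rewriting filter or access-log hook should use when resolving the client address from XFF. The trusted proxy range (`10.0.1.0/24`, standing in for the LTM's SNAT pool) and the sample requests are constructed for the example.

```python
"""Resolve the real client IP behind an SNAT'ing load balancer from X-Forwarded-For.

Rules, from a defender's point of view:
  * Only believe XFF at all when the TCP peer is a known proxy (the LTM's SNAT
    addresses). A client talking to the server directly can put anything in XFF.
  * Walk the XFF chain from the right (the hop the nearest proxy appended) and
    skip trusted proxies; the first untrusted hop is the client. Anything to the
    left of it was supplied by the client and is untrusted.
  * Fall back to the peer address whenever the header is missing or malformed.
"""
import ipaddress
from typing import Optional

# Hypothetical SNAT pool of the LTM, constructed for this example. In a real
# deployment this would be the actual SNAT/self IP ranges of the load balancer.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]


def is_trusted_proxy(addr: str) -> bool:
    """True if addr parses as an IP address inside one of the trusted ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def real_client_ip(peer_addr: str, xff_header: Optional[str]) -> str:
    """Return the address to record as the client for this request.

    peer_addr: the TCP peer as seen by the server (after SNAT, the LTM).
    xff_header: raw X-Forwarded-For value, or None if the header was absent.
    """
    # If the connection did not come through a trusted proxy, XFF is just
    # client-controlled data: log the peer address and ignore the header.
    if not is_trusted_proxy(peer_addr) or not xff_header:
        return peer_addr

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue  # an intermediate proxy we know about; keep walking left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: refuse to log attacker-chosen text
        return hop

    # Every hop in the chain was one of our own proxies; nothing better to log.
    return peer_addr


def access_log_line(peer_addr: str, xff_header: Optional[str],
                    request_line: str, status: int) -> str:
    """Build a minimal access-log line with the resolved client address first,
    which is what the IIS filter mentioned in the thread achieves for W3C logs."""
    client = real_client_ip(peer_addr, xff_header)
    return f'{client} - - "{request_line}" {status}'


if __name__ == "__main__":
    # Constructed sample requests: (peer, XFF value, request line, status).
    samples = [
        ("10.0.1.5", "203.0.113.7", "GET / HTTP/1.1", 200),           # normal SNAT case
        ("10.0.1.5", "198.51.100.9, 203.0.113.7", "GET /a HTTP/1.1", 200),  # client spoofed a left-hand entry
        ("10.0.1.5", "198.51.100.9, 10.0.1.6", "GET /b HTTP/1.1", 200),     # chained through two of our proxies
        ("203.0.113.7", "192.0.2.1", "GET /c HTTP/1.1", 403),         # direct hit, XFF ignored
        ("10.0.1.5", None, "GET /d HTTP/1.1", 200),                   # header absent
    ]
    for peer, xff, req, status in samples:
        print(access_log_line(peer, xff, req, status))
```

The key design choice is that the header is only consulted when the peer is in the trusted proxy list, and the chain is walked from the right. Trusting the leftmost entry (a common mistake) lets any client choose what appears in your logs; with the rule above, a spoofed entry such as `198.51.100.9` in the second sample is discarded and the address the LTM appended is logged instead.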